CVE-2019-16785
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:47.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2020-bdcc8ffc24", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "name": "FEDORA-2020-65a7744e38", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "name": "RHSA-2020:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Waitress", "vendor": "Pylons", "versions": [ { "lessThanOrEqual": "1.3.1", "status": "affected", "version": "\u003c= 1.3.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the 
line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T23:06:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "FEDORA-2020-bdcc8ffc24", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "name": "FEDORA-2020-65a7744e38", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "name": "RHSA-2020:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" } ], "source": { "advisory": "GHSA-pg36-wpm5-g57p", "discovery": "UNKNOWN" }, "title": "HTTP Request Smuggling: LF vs CRLF handling in Waitress", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16785", "STATE": "PUBLIC", "TITLE": "HTTP Request Smuggling: LF vs CRLF handling in Waitress" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Waitress", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "\u003c= 1.3.1", "version_value": "1.3.1" } ] } } ] }, "vendor_name": "Pylons" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. 
This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2020-bdcc8ffc24", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "name": "FEDORA-2020-65a7744e38", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "name": "RHSA-2020:0720", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes", "refsource": "MISC", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p", "refsource": "CONFIRM", "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "name": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba", "refsource": "MISC", "url": 
"https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" } ] }, "source": { "advisory": "GHSA-pg36-wpm5-g57p", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2019-16785", "datePublished": "2019-12-20T23:00:25", "dateReserved": "2019-09-24T00:00:00", "dateUpdated": "2024-08-05T01:24:47.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-16785\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2019-12-20T23:15:11.167\",\"lastModified\":\"2024-11-21T04:31:11.193\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Waitress through version 1.3.1 implemented a \\\"MAY\\\" part of the RFC7230 which states: \\\"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\\\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. 
This issue is fixed in Waitress 1.4.0.\"},{\"lang\":\"es\",\"value\":\"Waitress versi\u00f3n hasta 1.3.1, implement\u00f3 una parte \\\"MAY\\\" del RFC7230 que declara: \\\"Aunque el terminador de l\u00ednea para los campos de l\u00ednea de inicio y encabezado es la secuencia CRLF, un receptor PUEDE reconocer un LF \u00fanico como un terminador de l\u00ednea e ignorar cualquier CR anterior\\\". Desafortunadamente, si un servidor front-end no analiza los campos de encabezado con un LF de igual forma que los que tienen un CRLF, puede conllevar a que el servidor front-end y el back-end analice el mismo mensaje HTTP de dos maneras diferentes. Esto puede conllevar a un posible tr\u00e1fico no autorizado y una divisi\u00f3n de peticiones HTTP, por lo que Waitress puede visualizar dos peticiones mientras que el servidor front-end solo visualiza un solo mensaje HTTP. Este problema fue corregido en Waitress versi\u00f3n 1.4.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\
"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:agendaless:waitress:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"2A7E9C06-F243-47BE-984D-8247F2F179FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A5B24D-BDF2-423C-98EA-A40778C01A05\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true
,\"criteria\":\"cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70108B60-8817-40B4-8412-796A592E4E5E\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0720\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
pysec-2019-136
Vulnerability from pysec
Waitress through version 1.3.1 implemented a "MAY" clause of RFC 7230, which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." If a front-end server does not parse header fields terminated by a bare LF the same way it parses those terminated by CRLF, the front-end and the back-end server parse the same HTTP message in two different ways. This opens the door to HTTP request smuggling/splitting: Waitress may see two requests where the front-end server saw a single HTTP message. This issue is fixed in Waitress 1.4.0.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "waitress", "purl": "pkg:pypi/waitress" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" } ], "repo": "https://github.com/Pylons/waitress", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "1.4.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.1", "0.2", "0.3", "0.4", "0.5", "0.6", "0.6.1", "0.7", "0.8", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.7", "0.8.8", "0.8.9", "0.8.10", "0.8.11b0", "0.9.0b0", "0.9.0b1", "0.9.0", "1.0a1", "1.0a2", "1.0.0", "1.0.1", "1.0.2", "1.1.0", "1.2.0b1", "1.2.0b2", "1.2.0b3", "1.2.0", "1.2.1", "1.3.0b0", "1.3.0", "1.3.1" ] } ], "aliases": [ "CVE-2019-16785", "GHSA-pg36-wpm5-g57p" ], "details": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. 
This issue is fixed in Waitress 1.4.0.", "id": "PYSEC-2019-136", "modified": "2020-02-25T17:15:00Z", "published": "2019-12-20T23:15:00Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "type": "FIX", "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "type": "WEB", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ] }
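The description above boils down to two parsers disagreeing on whether a bare LF ends a header line. The Python below is an added illustration, not code from Waitress, the GHSA, or the PYSEC record: it builds a minimal HTTP request parser with three line-terminator policies and feeds all three the same constructed byte string. A CRLF-only front-end sees one POST whose X-Smuggle header happens to contain two LFs; the lenient RFC 7230 "MAY" policy that Waitress 1.3.1 and earlier followed sees that POST plus a second GET /admin; a hardened policy that refuses any bare LF in the header block rejects the message outright. The hardened policy models the general mitigation (stop honoring the MAY), not the exact Waitress 1.4.0 change. The hostname, the X-Smuggle header and the /admin path are made up for the example.

```python
"""Two HTTP parsers disagreeing on a bare LF: the desync behind CVE-2019-16785.

Constructed example, not Waitress code. Line-ending policies modelled:
  LENIENT   - RFC 7230 "MAY": a lone LF ends a line, a preceding CR is dropped
              (what Waitress <= 1.3.1 did).
  CRLF_ONLY - only CRLF ends a line; a bare LF is ordinary header-value data
              (the front-end in the advisory's scenario, forwarding bytes verbatim).
  REJECT    - any bare LF in the header block is a hard error (the hardening the
              advisory implies; an illustration, not the 1.4.0 patch itself).
"""
from typing import Dict, List, Optional, Tuple

LENIENT = "lenient"
CRLF_ONLY = "crlf-only"
REJECT = "reject"

# Constructed wire bytes: one request as a CRLF-only front-end sees it. The bare
# "\n\n" inside the (made-up) X-Smuggle value is the whole trick.
RAW = (
    b"POST / HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 0\r\n"
    b"X-Smuggle: x\n\nGET /admin HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"\r\n"
)


def _read_line(raw: bytes, pos: int, mode: str) -> Optional[Tuple[bytes, int]]:
    """Return (line without terminator, position after it), or None if incomplete."""
    if mode == LENIENT:
        idx = raw.find(b"\n", pos)
        if idx == -1:
            return None
        line = raw[pos:idx]
        if line.endswith(b"\r"):  # "ignore any preceding CR"
            line = line[:-1]
        return line, idx + 1
    idx = raw.find(b"\r\n", pos)
    if idx == -1:
        return None
    line = raw[pos:idx]
    if mode == REJECT and b"\n" in line:
        raise ValueError("bare LF in request line or header field")
    return line, idx + 2


def parse_requests(raw: bytes, mode: str) -> List[Dict]:
    """Parse every complete request in `raw` under the given line-ending policy.

    Bodies are delimited by Content-Length only (no chunked encoding), which is
    all this demonstration needs. Duplicate header names: last one wins.
    """
    requests: List[Dict] = []
    pos = 0
    while pos < len(raw):
        got = _read_line(raw, pos, mode)
        if got is None:
            raise ValueError("incomplete request line")
        request_line, pos = got
        method, target, version = request_line.split(b" ", 2)
        headers: Dict[bytes, bytes] = {}
        while True:
            got = _read_line(raw, pos, mode)
            if got is None:
                raise ValueError("incomplete header block")
            line, pos = got
            if line == b"":  # empty line ends the header block
                break
            name, _, value = line.partition(b":")
            headers[name.strip(b" \t").lower()] = value.strip(b" \t")
        length = int(headers.get(b"content-length", b"0"))
        body, pos = raw[pos:pos + length], pos + length
        requests.append({"method": method.decode(), "target": target.decode(),
                         "version": version.decode(), "headers": headers, "body": body})
    return requests


def request_count(raw: bytes, mode: str) -> int:
    """How many requests a parser with this policy extracts from `raw`."""
    return len(parse_requests(raw, mode))


def rejects_bare_lf(raw: bytes) -> bool:
    """True if the hardened policy refuses `raw` (the 400 Bad Request path)."""
    try:
        parse_requests(raw, REJECT)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    front = parse_requests(RAW, CRLF_ONLY)
    back = parse_requests(RAW, LENIENT)
    print("front-end sees:", [(r["method"], r["target"]) for r in front])
    print("Waitress <= 1.3.1 sees:", [(r["method"], r["target"]) for r in back])
    print("hardened parser rejects:", rejects_bare_lf(RAW))
```

Running it shows the same bytes yielding one request for the CRLF-only parser and two for the lenient one; the second request (GET /admin) is the one the front-end never saw and therefore never applied its access rules to. The same probe is a useful deployment check: send a request with a bare LF embedded in a header value through your edge and confirm that either the edge rejects it or the Waitress behind it answers 400 rather than splitting it.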
rhsa-2021_0420
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Quay 3.4.0 is now available with bug fixes and various\nenhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Quay 3.4.0 release\n\nSecurity Fix(es):\n\n* waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)\n\n* waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)\n\n* waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789)\n\n* python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310)\n\n* python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)\n\n* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)\n\n* python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)\n\n* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)\n\n* openstack-mistral: information disclosure in mistral log (CVE-2019-3866)\n\n* python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911)\n\n* PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)\n\n* python-pillow: 
out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)\n\n* yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177)\n\n* python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378)\n\n* python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:0420", "url": "https://access.redhat.com/errata/RHSA-2021:0420" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1768731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731" }, { "category": "external", "summary": "1789532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532" }, { "category": "external", "summary": "1789533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533" }, { "category": "external", "summary": "1789535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535" }, { "category": "external", "summary": "1789538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538" }, { "category": "external", "summary": "1789540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540" }, { "category": "external", "summary": "1789807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807" }, { "category": "external", "summary": "1791415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415" }, { "category": "external", "summary": "1791420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420" }, { "category": "external", "summary": "1806005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005" }, { "category": "external", "summary": "1816261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261" }, { "category": "external", 
"summary": "1852814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814" }, { "category": "external", "summary": "1852820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820" }, { "category": "external", "summary": "1852824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824" }, { "category": "external", "summary": "1852832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832" }, { "category": "external", "summary": "1852836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836" }, { "category": "external", "summary": "1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0420.json" } ], "title": "Red Hat Security Advisory: Red Hat Quay v3.4.0 security update", "tracking": { "current_release_date": "2024-12-08T11:44:15+00:00", "generator": { "date": "2024-12-08T11:44:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2021:0420", "initial_release_date": "2021-02-04T16:14:00+00:00", "revision_history": [ { "date": "2021-02-04T16:14:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-02-04T16:14:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:44:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Quay v3", "product": { "name": "Quay v3", "product_id": "8Base-Quay-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:quay:3::el8" } } } ], "category": "product_family", "name": "Red Hat Quay" }, { "branches": [ { "category": "product_version", "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "product": { "name": 
"quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "product_id": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.4.0-3" } } }, { "category": "product_version", "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product": { "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product_id": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.4.0-17" } } }, { "category": "product_version", "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product": { "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product_id": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-openshift-bridge-rhel8-operator\u0026tag=v3.4.0-17" } } }, { "category": "product_version", "name": 
"quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "product": { "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "product_id": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.4.0-18" } } }, { "category": "product_version", "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "product": { "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.4.0-17" } } }, { "category": "product_version", "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "product": { "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "product_id": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "product_identification_helper": { "purl": "pkg:oci/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.4.0-25" } } }, { "category": "product_version", "name": 
"quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "product": { "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "product_id": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.4.0-2" } } }, { "category": "product_version", "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "product": { "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "product_id": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.4.0-2" } } }, { "category": "product_version", "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "product": { "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "product_id": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "product_identification_helper": { "purl": 
"pkg:oci/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.4.0-89" } } }, { "category": "product_version", "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "product": { "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "product_id": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.4.0-132" } } }, { "category": "product_version", "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64", "product": { "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64", "product_id": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64", "product_identification_helper": { "purl": "pkg:oci/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.4.0-51" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64" }, "product_reference": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", 
"relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64" }, "product_reference": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64" }, "product_reference": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64" }, "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64" }, 
"product_reference": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64" }, "product_reference": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64" }, "product_reference": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64" }, "product_reference": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": 
"quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64" }, "product_reference": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64" }, "product_reference": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "relates_to_product_reference": "8Base-Quay-3" }, { "category": "default_component_of", "full_product_name": { "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64 as a component of Quay v3", "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" }, "product_reference": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64", "relates_to_product_reference": "8Base-Quay-3" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenStack project" ] }, { "names": [ "Gauvain Pocentek and Cl\u00e9ment Beaufils" ], "organization": "Kindred Group PLC", "summary": "Acknowledged by upstream." 
} ], "cve": "CVE-2019-3866", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2019-11-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1768731" } ], "notes": [ { "category": "description", "text": "An information-exposure vulnerability was discovered where openstack-mistral\u0027s undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openstack-mistral: information disclosure in mistral log", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-3866" }, { "category": "external", "summary": "RHBZ#1768731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-3866", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866" } ], "release_date": "2019-11-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" }, { "category": "workaround", "details": "Plain text information can be masked by ensuring that all mistral log files are not world readable.", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", 
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openstack-mistral: information disclosure in mistral log" }, { "cve": "CVE-2019-16785", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791420" } ], "notes": [ { "category": "description", "text": "An HTTP-request vulnerability was discovered in Waitress which implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately, if a front-end server does not process header fields with an LF the same way as it processes those with a CRLF, it can lead to the front-end and the back-end server processing the same HTTP message in two different ways. 
This vulnerability can lead to a potential for HTTP request smuggling and splitting where Waitress may see two requests, while the front-end server only sees a single HTTP message.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP request smuggling through LF vs CRLF handling", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13, because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16785" }, { "category": "external", "summary": "RHBZ#1791420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16785", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6" } ], "release_date": "2019-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP request smuggling through LF vs CRLF handling" }, { "cve": "CVE-2019-16786", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791415" } ], "notes": [ { "category": "description", "text": "An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with \u0027chunked\u0027. 
Because of this flaw, requests sent with: \"Transfer-Encoding: gzip, chunked\" would get ignored, and waitress would use the Content-Length header instead to determine the body size of the HTTP message. A remote attacker could exploit this flaw to force waitress to accept potentially bad HTTP requests or treat a single request as multiple requests in the case of HTTP pipelining.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP request smuggling through invalid Transfer-Encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13, because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16786" }, { "category": "external", "summary": "RHBZ#1791415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16786", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6" } ], "release_date": "2019-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP request smuggling through invalid Transfer-Encoding" }, { "cve": "CVE-2019-16789", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789807" } ], "notes": [ { "category": "description", "text": "An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. 
Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, an HTTP request splitting could occur which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nFor Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16789" }, { "category": "external", "summary": "RHBZ#1789807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16789", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16789" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2" } ], "release_date": "2019-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been 
applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ 
"8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers" }, { "cve": "CVE-2019-19911", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789540" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in Pillow in versions before 6.2.2, where the FpxImagePlugin.py file calls the range function on an unvalidated 32-bit integer if the number of bands is 
large. On Windows systems running 32-bit Python, this flaw results in an OverflowError or MemoryError due to the 2 GB limit. On Linux systems running 64-bit Python, this flaw results in the termination of the process by the out-of-memory (OOM) killer. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include python-olefile, which is necessary to use the FPX image plugin.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", 
"8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-19911" }, { "category": "external", "summary": "RHBZ#1789540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19911", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19911" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911" } ], "release_date": "2020-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", 
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py" }, { "cve": "CVE-2019-20477", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-02-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1806005" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. 
An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.", "title": "Vulnerability description" }, { "category": "summary", "text": "PyYAML: command execution through python/object/apply constructor in FullLoader", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of PyYAML as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include the class FullLoader, which contains this vulnerability.\n\nThe PyYAML libary that is provided in the Red Hat OpenStack repositories is vulnerable. However, because there are no instances where this library is used in a way which exposes the vulnerability, the impact to OpenStack products has been reduced to \u0027low\u0027 and Red Hat will not be providing a fix at this time. Any updates will be through RHEL channels.\n\nRed Hat Quay 3.2 uses the vulnerable load function, but only to parse the Nginx configuration file, which only contains trusted data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20477" }, { "category": "external", "summary": "RHBZ#1806005", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20477", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" }, { "category": "workaround", "details": "Use `yaml.safe_load` or the SafeLoader loader when you parse untrusted input.", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "PyYAML: command execution through python/object/apply constructor in FullLoader" }, { "cve": "CVE-2020-5310", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789538" } ], "notes": [ { "category": "description", "text": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they did not include support for tiled TIFF images, where the flaw lies.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5310" }, { "category": "external", "summary": "RHBZ#1789538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5310", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5310" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310" } ], "release_date": "2020-01-03T00:00:00+00:00", "remediations": [ { "category": 
"vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode" }, { "cve": "CVE-2020-5311", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789535" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw 
was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", 
"8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5311" }, { "category": "external", "summary": "RHBZ#1789535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5311", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5311" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311" } ], "release_date": "2020-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", 
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c" }, { "cve": "CVE-2020-5312", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2020-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789533" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. 
An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", 
"8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5312" }, { "category": "external", "summary": "RHBZ#1789533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5312", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5312" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312" } ], "release_date": "2020-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", 
"8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", 
"8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c" }, { "cve": "CVE-2020-5313", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789532" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-5313" }, { "category": "external", "summary": "RHBZ#1789532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5313", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5313" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313" } ], "release_date": "2020-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ 
"8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images" }, { "cve": "CVE-2020-8131", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816261" } ], "notes": [ { "category": "description", "text": "An arbitrary file write flaw was found in Yarn. 
This flaw allows an attacker to write files to a user\u2019s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package.", "title": "Vulnerability description" }, { "category": "summary", "text": "yarn: Arbitrary filesystem write via tar expansion", "title": "Vulnerability summary" }, { "category": "other", "text": "Normally yarn allows packages to run postinstall scripts which can write arbitrary files to the user\u0027s system. This vulnerability allows an attacker to better hide the attack and also allows arbitrary file writes when postinstall scripts are disabled with the \u0027--ignore-scripts\u0027 option of \u0027yarn install\u0027.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", 
"8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8131" }, { "category": "external", "summary": "RHBZ#1816261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8131", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131" } ], "release_date": "2020-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", 
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "yarn: Arbitrary filesystem write via tar expansion" }, { "cve": "CVE-2020-10177", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852824" } ], "notes": [ { "category": "description", "text": "A flaw was found in python-pillow. 
Multiple out-of-bounds reads occur in libImaging/FliDecode.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", 
"url": "https://access.redhat.com/security/cve/CVE-2020-10177" }, { "category": "external", "summary": "RHBZ#1852824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10177", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10177" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177" } ], "release_date": "2020-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", 
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", 
"8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c" }, { "cve": "CVE-2020-10378", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852832" } ], "notes": [ { "category": "description", "text": "A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state-\u003eshuffle is instructed to read beyond state-\u003ebuffer.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10378" }, { "category": "external", "summary": "RHBZ#1852832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10378", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10378" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378" } ], "release_date": "2020-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files" }, { "cve": "CVE-2020-10379", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852836" } ], "notes": [ { "category": "description", "text": "In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()", "title": "Vulnerability summary" }, { "category": "other", "text": "While python-pillow is listed as a dependency of Red Hat Quay, it is not used by the application.\n\nThis issue did not affect the versions of 
python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they provide an older version of the code which does not include the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2020-10379" }, { "category": "external", "summary": "RHBZ#1852836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10379", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10379" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379" } ], "release_date": "2020-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", 
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", 
"8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()" }, { "cve": "CVE-2020-10994", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2020-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852820" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the JP2 image parser, where the flaw lies.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10994" }, { "category": "external", "summary": "RHBZ#1852820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10994", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10994" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994" } ], "release_date": "2020-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file" }, { "cve": "CVE-2020-11538", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2020-07-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1852814" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", 
"8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11538" }, { "category": "external", "summary": "RHBZ#1852814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11538", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538" } ], "release_date": "2020-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2" }, { "cve": "CVE-2020-14040", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-06-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1853652" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. 
If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", 
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-14040" }, { "category": "external", "summary": "RHBZ#1853652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040" }, { "category": "external", "summary": "https://github.com/golang/go/issues/39491", "url": "https://github.com/golang/go/issues/39491" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0", "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0" } ], "release_date": "2020-06-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-02-04T16:14:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:0420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64", "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64", 
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64", "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64", "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64", "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64", "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64", "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64", "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64", "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash" } ] }
rhsa-2020_0720
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for python-waitress is now available for Red Hat OpenStack\nPlatform 15 (Stein).\n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1.\n\nSecurity Fix(es):\n\n* HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)\n\n* HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)\n\n* HTTP Request Smuggling through Invalid whitespace characters in headers\n(CVE-2019-16789)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0720", "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1789807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807" }, { "category": "external", "summary": "1791415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415" }, { "category": "external", "summary": "1791420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0720.json" } ], "title": "Red Hat Security Advisory: python-waitress security update", "tracking": { "current_release_date": "2024-11-13T22:11:30+00:00", "generator": { "date": "2024-11-13T22:11:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2020:0720", "initial_release_date": "2020-03-05T12:02:14+00:00", "revision_history": [ { "date": "2020-03-05T12:02:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-03-05T12:02:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:11:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenStack 
Platform 15.0", "product": { "name": "Red Hat OpenStack Platform 15.0", "product_id": "8Base-RHOS-15.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:15::el8" } } } ], "category": "product_family", "name": "Red Hat OpenStack Platform" }, { "branches": [ { "category": "product_version", "name": "python-waitress-0:1.4.2-1.el8ost.src", "product": { "name": "python-waitress-0:1.4.2-1.el8ost.src", "product_id": "python-waitress-0:1.4.2-1.el8ost.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-waitress@1.4.2-1.el8ost?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "python3-waitress-0:1.4.2-1.el8ost.noarch", "product": { "name": "python3-waitress-0:1.4.2-1.el8ost.noarch", "product_id": "python3-waitress-0:1.4.2-1.el8ost.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-waitress@1.4.2-1.el8ost?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-waitress-0:1.4.2-1.el8ost.src as a component of Red Hat OpenStack Platform 15.0", "product_id": "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src" }, "product_reference": "python-waitress-0:1.4.2-1.el8ost.src", "relates_to_product_reference": "8Base-RHOS-15.0" }, { "category": "default_component_of", "full_product_name": { "name": "python3-waitress-0:1.4.2-1.el8ost.noarch as a component of Red Hat OpenStack Platform 15.0", "product_id": "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" }, "product_reference": "python3-waitress-0:1.4.2-1.el8ost.noarch", "relates_to_product_reference": "8Base-RHOS-15.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-16785", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": 
"2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791420" } ], "notes": [ { "category": "description", "text": "An HTTP-request vulnerability was discovered in Waitress which implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately, if a front-end server does not process header fields with an LF the same way as it processes those with a CRLF, it can lead to the front-end and the back-end server processing the same HTTP message in two different ways. This vulnerability can lead to a potential for HTTP request smuggling and splitting where Waitress may see two requests, while the front-end server only sees a single HTTP message.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP request smuggling through LF vs CRLF handling", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. 
The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13, because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16785" }, { "category": "external", "summary": "RHBZ#1791420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16785", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6" } ], "release_date": "2019-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-05T12:02:14+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2020:0720" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP request smuggling through LF vs CRLF handling" }, { "cve": "CVE-2019-16786", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1791415" } ], "notes": [ { "category": "description", "text": "An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with \u0027chunked\u0027. Because of this flaw, requests sent with: \"Transfer-Encoding: gzip, chunked\" would get ignored, and waitress would use the Content-Length header instead to determine the body size of the HTTP message. 
A remote attacker could exploit this flaw to force waitress to accept potentially bad HTTP requests or treat a single request as multiple requests in the case of HTTP pipelining.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP request smuggling through invalid Transfer-Encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13, because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16786" }, { "category": "external", "summary": "RHBZ#1791415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16786", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6" } ], "release_date": 
"2019-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-05T12:02:14+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP request smuggling through invalid Transfer-Encoding" }, { "cve": "CVE-2019-16789", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1789807" } ], "notes": [ { "category": "description", "text": "An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. 
Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, an HTTP request splitting could occur which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. The highest threat from this vulnerability is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers", "title": "Vulnerability summary" }, { "category": "other", "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nFor Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-16789" }, { "category": "external", "summary": "RHBZ#1789807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807" }, { "category": "external", 
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16789", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16789" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789" }, { "category": "external", "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2" } ], "release_date": "2019-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-05T12:02:14+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0720" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-15.0:python-waitress-0:1.4.2-1.el8ost.src", "8Base-RHOS-15.0:python3-waitress-0:1.4.2-1.el8ost.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers" } ] }
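The two Transfer-Encoding flaws described in the Red Hat advisory text above can be reproduced with a toy framing decision: for CVE-2019-16786 the whole header value is compared as one string, so a valid list such as "gzip, chunked" falls through to Content-Length; for CVE-2019-16789 whitespace characters that are not HTTP whitespace are silently tolerated, so a value a strict front end would reject still reads as chunked. The block below is an added example, not Waitress code. The naive side is modelled only on the advisory's description; using Python's bytes.strip() (which also removes VT and FF) as the concrete way the whitespace bypass can arise is an assumption for illustration, and the sample header values are constructed.

```python
import re
from typing import List, Optional


class BadRequest(Exception):
    """Raised where a real server would answer 400 Bad Request."""


def framing_naive(te: Optional[bytes], cl: Optional[bytes]) -> str:
    """Flawed logic modelled on the advisory text (assumption, not Waitress's code):
    the whole Transfer-Encoding value is compared as one string, and bytes.strip()
    is used, which also removes \\x0b and \\x0c although HTTP whitespace is only
    SP and HTAB."""
    if te is not None and te.strip() == b"chunked":
        return "chunked"
    if cl is not None:
        return f"content-length:{int(cl)}"
    return "no-body"


# RFC 7230: a transfer-coding name is a token; list elements may be padded only with SP / HTAB.
TCHAR = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
TE_ELEMENT = re.compile(rb"^[ \t]*(" + TCHAR + rb")[ \t]*$")


def parse_transfer_encoding(value: bytes) -> List[bytes]:
    """Parse a comma-separated transfer-coding list, rejecting any element that is
    not a token padded only by SP / HTAB. Empty elements are tolerated (RFC 7230 s7)."""
    codings: List[bytes] = []
    for element in value.split(b","):
        if element.strip(b" \t") == b"":
            continue
        match = TE_ELEMENT.match(element)
        if match is None:
            raise BadRequest(f"invalid transfer-coding element {element!r}")
        codings.append(match.group(1).lower())
    return codings


def framing_strict(te: Optional[bytes], cl: Optional[bytes]) -> str:
    """Hardened decision: chunked only when a well-formed list ends in exactly one
    'chunked'; any other Transfer-Encoding, or TE combined with Content-Length, is a 400."""
    if te is not None:
        codings = parse_transfer_encoding(te)
        if not codings or codings[-1] != b"chunked" or codings.count(b"chunked") != 1:
            raise BadRequest("Transfer-Encoding does not end in a single chunked coding")
        if cl is not None:
            # RFC 7230 s3.3.3 allows rejecting this combination; doing so removes the ambiguity
            raise BadRequest("Transfer-Encoding and Content-Length both present")
        return "chunked"
    if cl is not None:
        if re.fullmatch(rb"[0-9]+", cl) is None:
            raise BadRequest("invalid Content-Length")
        return f"content-length:{int(cl)}"
    return "no-body"


def decide(te: Optional[bytes], cl: Optional[bytes], strict: bool) -> str:
    """Wrapper that turns BadRequest into the string '400' for easy comparison."""
    try:
        return framing_strict(te, cl) if strict else framing_naive(te, cl)
    except BadRequest:
        return "400"


# Constructed sample header values (Transfer-Encoding, Content-Length) covering both CVEs.
SAMPLES = {
    "cve-2019-16786":    (b"gzip, chunked", b"5"),  # valid list; naive code falls back to Content-Length
    "gzip-chunked-only": (b"gzip, chunked", None),  # same list with no Content-Length at all
    "cve-2019-16789":    (b"\x0bchunked", b"5"),    # VT is not HTTP whitespace; naive strip() hides it
    "plain-chunked":     (b"chunked", None),
    "plain-length":      (None, b"12"),
}


def run_samples() -> dict:
    """Return {sample name: (naive framing, strict framing)} for every constructed sample."""
    return {name: (decide(te, cl, strict=False), decide(te, cl, strict=True))
            for name, (te, cl) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, strict) in run_samples().items():
        print(f"{name:18s} naive={naive:18s} strict={strict}")
```

The disagreement is the whole attack surface: for "gzip, chunked" the naive side reads a Content-Length body while a conforming front end reads a chunked one, and for the VT-prefixed value the naive side reads chunked while a front end that validates field characters ignores the header. The strict side answers 400 in both cases, which is the shape of the fix the advisory describes for 1.4.1.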
gsd-2019-16785
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-16785", "description": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.", "id": "GSD-2019-16785", "references": [ "https://www.suse.com/security/cve/CVE-2019-16785.html", "https://access.redhat.com/errata/RHSA-2021:0420", "https://access.redhat.com/errata/RHSA-2020:0720", "https://advisories.mageia.org/CVE-2019-16785.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-16785" ], "details": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. 
This issue is fixed in Waitress 1.4.0.", "id": "GSD-2019-16785", "modified": "2023-12-13T01:23:40.525045Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16785", "STATE": "PUBLIC", "TITLE": "HTTP Request Smuggling: LF vs CRLF handling in Waitress" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Waitress", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "\u003c= 1.3.1", "version_value": "1.3.1" } ] } } ] }, "vendor_name": "Pylons" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2020-bdcc8ffc24", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "name": "FEDORA-2020-65a7744e38", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "name": "RHSA-2020:0720", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes", "refsource": "MISC", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p", "refsource": "CONFIRM", "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "name": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba", "refsource": "MISC", "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update", "refsource": "MLIST", "url": 
"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" } ] }, "source": { "advisory": "GHSA-pg36-wpm5-g57p", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c=1.3.1", "affected_versions": "All versions up to 1.3.1", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-444", "CWE-937" ], "date": "2019-12-31", "description": "Waitress implemented an optional part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient may recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message.", "fixed_versions": [ "1.4.0" ], "identifier": "CVE-2019-16785", "identifiers": [ "CVE-2019-16785", "GHSA-pg36-wpm5-g57p" ], "not_impacted": "All versions after 1.3.1", "package_slug": "pypi/waitress", "pubdate": "2019-12-20", "solution": "Upgrade to version 1.4.0 or above.", "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-16785", "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" ], "uuid": "7a135a12-bb93-45d8-8f04-14a08920c27b" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:agendaless:waitress:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2019-16785" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p", "refsource": "CONFIRM", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "name": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "name": "FEDORA-2020-bdcc8ffc24", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/" }, { "name": "FEDORA-2020-65a7744e38", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/" }, { "name": "RHSA-2020:0720", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" } ] } }, "impact": { 
"baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-09-23T18:58Z", "publishedDate": "2019-12-20T23:15Z" } } }
ghsa-pg36-wpm5-g57p
Vulnerability from github
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
Impact
Waitress implemented a "MAY" part of the RFC7230 (https://tools.ietf.org/html/rfc7230#section-3.5) which states:
Although the line terminator for the start-line and header fields is
the sequence CRLF, a recipient MAY recognize a single LF as a line
terminator and ignore any preceding CR.
Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message.
Example:
Content-Length: 100[CRLF]
X-Header: x[LF]Content-Length: 0[CRLF]
Would get treated by Waitress as if it were:
Content-Length: 100
X-Header: x
Content-Length: 0
This could potentially get used by attackers to split the HTTP request and smuggle a second request in the body of the first.
Patches
This issue is fixed in Waitress 1.4.0. That release brings a range of changes to harden Waitress against potential HTTP request confusions, and may change the behaviour of Waitress behind non-conformant proxies.
Waitress no longer implements the MAY part of the specification and instead requires that all lines are terminated correctly with CRLF. If any line is found with a bare CR or LF, a 400 Bad Request is sent back to the requesting entity.
The Pylons Project recommends upgrading as soon as possible, while validating that the changes in Waitress don't cause any changes in behavior.
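The parsing discrepancy described under Impact and the CRLF-only rule described under Patches, as an added example that is not Waitress's own code: a lenient parser that splits on a bare LF (the pre-1.4.0 reading of the RFC "MAY"), a CRLF-only front-end view, and a strict parser that rejects bare CR or LF the way 1.4.0 does, all run over a header block constructed from the advisory's example.

```python
# Added example, not Waitress's code: three header-block parsers that show
# the LF/CRLF discrepancy from the advisory and the rule that closes it.
class BadRequest(ValueError):
    """Raised where a strict server would answer 400 Bad Request."""

# Constructed from the advisory's example: a bare LF hides a second
# Content-Length header inside what a CRLF-only parser sees as one line.
EXAMPLE_HEADERS = b"Content-Length: 100\r\nX-Header: x\nContent-Length: 0\r\n"

def _field(line):
    """Split b'Name: value' into ('Name', 'value'); reject nameless lines."""
    name, sep, value = line.partition(b":")
    if not sep or not name.strip():
        raise BadRequest("malformed header line")
    return name.decode("latin-1").strip(), value.decode("latin-1").strip()

def parse_lenient(raw):
    """Pre-1.4.0 behaviour (the RFC 7230 section 3.5 'MAY'): a lone LF ends
    a line and any CR just before it is dropped, so one line as seen by a
    CRLF-only parser yields two header fields here."""
    return [_field(ln.rstrip(b"\r")) for ln in raw.split(b"\n") if ln.rstrip(b"\r")]

def parse_frontend_crlf(raw):
    """A front end that splits only on CRLF and keeps a bare LF inside the
    field value: it sees one X-Header and a single Content-Length."""
    return [_field(line) for line in raw.split(b"\r\n") if line]

def parse_strict(raw):
    """1.4.0 behaviour: only CRLF terminates a line, and any bare CR or LF
    left inside a line is rejected with 400 rather than reinterpreted."""
    if not raw.endswith(b"\r\n"):
        raise BadRequest("header block must end with CRLF")
    lines = raw[:-2].split(b"\r\n") if raw != b"\r\n" else []
    headers = []
    for line in lines:
        if b"\r" in line or b"\n" in line:
            raise BadRequest("bare CR or LF in header line")
        headers.append(_field(line))
    return headers

def content_lengths(headers):
    """All Content-Length values seen; more than one means a framing dispute."""
    return [v for n, v in headers if n.lower() == "content-length"]
```

Running the three parsers over `EXAMPLE_HEADERS` shows the lenient back end counting two Content-Length fields where the CRLF-only front end counts one, and the strict parser refusing the block outright.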
Workarounds
Various reverse proxies may have protections against sending potentially bad HTTP requests to the backend, and/or hardening against issues like this. If the reverse proxy does not use HTTP/1.1 to connect to the backend, the issue is also somewhat mitigated, as HTTP pipelining does not exist in HTTP/1.0 and Waitress will close the connection after every single request (unless the Keep-Alive header is explicitly sent, so this is not a foolproof security measure).
Issues/more security issues:
- open an issue at https://github.com/Pylons/waitress/issues (if not sensitive or security related)
- email the Pylons Security mailing list: pylons-project-security@googlegroups.com (if security related)
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "waitress" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.4.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-16785" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2019-12-20T23:01:44Z", "nvd_published_at": "2019-12-20T23:15:00Z", "severity": "MODERATE" }, "details": "### Impact\n\nWaitress implemented a \u0026amp;quot;MAY\u0026amp;quot; part of the RFC7230 (https://tools.ietf.org/html/rfc7230#section-3.5) which states:\n\n Although the line terminator for the start-line and header fields is\n the sequence CRLF, a recipient MAY recognize a single LF as a line\n terminator and ignore any preceding CR.\n\nUnfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message.\n\nExample:\n\n```\nContent-Length: 100[CRLF]\nX-Header: x[LF]Content-Length: 0[CRLF]\n```\n\nWould get treated by Waitress as if it were:\n\n```\nContent-Length: 100\nX-Header: x\nContent-Length: 0\n```\n\nThis could potentially get used by attackers to split the HTTP request and smuggle a second request in the body of the first.\n\n\n### Patches\n\nThis issue is fixed in Waitress 1.4.0. This brings a range of changes to harden Waitress against potential HTTP request confusions, and may change the behaviour of Waitress behind non-conformist proxies. \n\nWaitress no longer implements the MAY part of the specification and instead requires that all lines are terminated correctly with CRLF. 
If any lines are found with a bare CR or LF a 400 Bad Request is sent back to the requesting entity.\n\nThe Pylons Project recommends upgrading as soon as possible, while validating that the changes in Waitress don\u0026amp;#39;t cause any changes in behavior.\n\n### Workarounds\n\nVarious reverse proxies may have protections against sending potentially bad HTTP requests to the backend, and or hardening against potential issues like this. If the reverse proxy doesn\u0026amp;#39;t use HTTP/1.1 for connecting to the backend issues are also somewhat mitigated, as HTTP pipelining does not exist in HTTP/1.0 and Waitress will close the connection after every single request (unless the Keep Alive header is explicitly sent... so this is not a fool proof security method)\n\n### Issues/more security issues:\n\n* open an issue at https://github.com/Pylons/waitress/issues (if not sensitive or security related)\n* email the Pylons Security mailing list: pylons-project-security@googlegroups.com (if security related)", "id": "GHSA-pg36-wpm5-g57p", "modified": "2024-11-19T13:55:58Z", "published": "2019-12-20T23:03:57Z", "references": [ { "type": "WEB", "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785" }, { "type": "WEB", "url": "https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2020:0720" }, { "type": "WEB", "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" }, { "type": "PACKAGE", "url": "https://github.com/Pylons/waitress" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-136.yaml" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html" }, { "type": "WEB", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N", "type": "CVSS_V4" } ], "summary": "HTTP Request Smuggling: LF vs CRLF handling in Waitress" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.