CVE-2019-19919 (GCVE-0-2019-19919)
Vulnerability from cvelistv5
- n/a (the CNA record leaves vendor/product as "n/a"; the NVD CPE data and GitLab advisory below identify the affected component as npm `handlebars` / handlebars.js before 4.3.0, and Tenable.sc before 5.19.0 via its bundled copy)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/advisories/1164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:07:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/advisories/1164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/advisories/1164",
"refsource": "MISC",
"url": "https://www.npmjs.com/advisories/1164"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19919",
"datePublished": "2019-12-20T22:50:39",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-08-05T02:32:09.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19919\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-20T23:15:11.480\",\"lastModified\":\"2024-11-21T04:35:39.797\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.\"},{\"lang\":\"es\",\"value\":\"Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminaci\u00f3n de Prototipos conllevando a una ejecuci\u00f3n de c\u00f3digo remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario por medio de cargas \u00fatiles dise\u00f1adas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"us
erInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6FBBF1FB-FAEF-41B9-8E6E-A7DDA881C201\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4BF4DC1D-DDD7-4617-A438-AED32D4D2F6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B97055D1-E30A-44DC-9792-A74DF11B2110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3079C4D9-56D0-47F5-ABED-02DD89D0E8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"89F30120-98DA-4418-B92C-803EAEA5A2FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"47712A16-6191-47BB-B882-224EBF2DB25D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3BCF49BE-5CF7-404C-899D-9596C0C104BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7619CE95-7EC1-4EDA-B604-BC67CDE33727\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4CF11D05-33CF-4BC6-BD81-FF3ABB75CEA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8BE0C388-BA09-4972-94D0-ADB5B77B8763\"},{\"vulnerable\":true,\"criteria\"
:\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"263741E0-F7D4-4A0B-AE73-3EA3192E9694\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E96203B2-1DCC-4691-B219-C913068BC033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B3BA06B6-42E7-47FF-AED7-6E5A8E14A08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1F0B3A6C-10B2-4142-889C-23D53B31EC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"018B3A23-8A8C-4BAD-BC58-D5418B79D322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"383DF444-D620-4EC2-A3C8-1D51E40786C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1AE16B41-008D-466F-99A2-938A92CEFF2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D12A5B4E-7834-42F9-908F-E32DF2D3CD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B2AF202E-BEAD-4A4C-B8B0-B4F14A0610F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BAE9F367-D1E7-4E5C-A9D5-22565A5F674B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0BCA804B-5D31-47D8-95CB-363E7980D28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"476DBC97-
8693-4EF4-A4A4-8C10CC8F33D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"16D4CD1A-6A58-42A9-A3E7-448BB7252CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"49B8323F-939F-4600-835A-E0E5EACB5276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9BD938F8-0962-4983-902C-B96790A83ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"775A330D-44DA-426E-9DFB-7B3FA617C887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"12C85BFA-8E59-4FF0-803B-224FD8955A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6816A885-1EE1-40B7-A2CA-1CCD2594497E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"ED35F37A-A85A-42FF-847F-D0E9F21DEC99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8810BDCB-555A-43B0-A003-6B74E2559B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"39CE17D1-10A6-46F8-86B8-CF91E98E30F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9F2F975B-DAEB-47BF-AC41-CCC13C7E3CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3F795717-AA89-4316-B357-6329FDF534DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handleba
rs.js:4.0.11:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"26BA7CCF-AD82-4CC6-8E2C-8EF43C3250CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"24788A2C-438C-49FA-A20D-383AC9CD699B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"74530A3D-0B50-43CA-ABA7-95A6D1D99C9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A544C487-98E2-4A30-8878-C8BC7F5CD2AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B635034C-5DDD-433F-A453-DCE8D8D736C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FA83D29F-0083-4332-A618-56DB0ED59024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F6321E82-B999-4BCD-8FD6-E1B55A60A41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FEACA66E-4BDE-41DC-9797-21B81BB43E01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"62A44232-6323-434E-8653-D7C2238702DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B83F4927-BB98-4791-96E9-FF6D302A2AD8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.19.0\",\"matchCriteriaId\":\"41DBA7C7-8084-45F6-B59D-13A9022C34DF\"}]}]}],\"references\":[{\"url\":\"https://www.npmjs.com/advisories/1164\",\"source\":\"cve@mitre.org\",\"t
ags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.npmjs.com/advisories/1164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
gsd-2019-19919
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2019-19919",
"description": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.",
"id": "GSD-2019-19919"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19919"
],
"details": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.",
"id": "GSD-2019-19919",
"modified": "2023-12-13T01:23:54.376286Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/advisories/1164",
"refsource": "MISC",
"url": "https://www.npmjs.com/advisories/1164"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.3.0",
"affected_versions": "All versions before 4.3.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-74",
"CWE-78",
"CWE-937"
],
"date": "2021-07-26",
"description": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.",
"fixed_versions": [
"4.3.0"
],
"identifier": "CVE-2019-19919",
"identifiers": [
"GHSA-w457-6q6x-cgp9",
"CVE-2019-19919"
],
"not_impacted": "All versions starting from 4.3.0",
"package_slug": "npm/handlebars",
"pubdate": "2019-12-26",
"solution": "Upgrade to version 4.3.0 or above.",
"title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
"https://www.npmjs.com/advisories/1164",
"https://github.com/wycats/handlebars.js/issues/1558",
"https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919",
"https://github.com/advisories/GHSA-w457-6q6x-cgp9"
],
"uuid": "575de737-3d81-4c61-8e27-09157ec51380"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.11:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.19.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19919"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.npmjs.com/advisories/1164",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/1164"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-06-03T18:48Z",
"publishedDate": "2019-12-20T23:15Z"
}
}
}
rhsa-2023:1334
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)\n\n* handlebars: nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* handlebars: nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* rhpam-7-businesscentral-rhel8-container: maven: Block repositories using http by default (CVE-2021-26291)\n\n* unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class (CVE-2018-1000134)\n\n* handlebars: nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads (CVE-2019-19919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1334",
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1334.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.2 security update",
"tracking": {
"current_release_date": "2025-11-07T10:37:15+00:00",
"generator": {
"date": "2025-11-07T10:37:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2023:1334",
"initial_release_date": "2023-03-20T09:15:52+00:00",
"revision_history": [
{
"date": "2023-03-20T09:15:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-20T09:15:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-07T10:37:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12629",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1501529"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Solr: Code execution via entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12629"
},
{
"category": "external",
"summary": "RHBZ#1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
}
],
"release_date": "2017-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Solr: Code execution via entity expansion"
},
{
"cve": "CVE-2018-1000134",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557531"
}
],
"notes": [
{
"category": "description",
"text": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Virtualization does not use the UnboundID SDK in synchronous mode, and hence does not expose this vulnerability in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000134"
},
{
"category": "external",
"summary": "RHBZ#1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000134",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/",
"url": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/"
}
],
"release_date": "2018-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class"
},
{
"cve": "CVE-2019-19919",
"cwe": {
"id": "CWE-471",
"name": "Modification of Assumed-Immutable Data (MAID)"
},
"discovery_date": "2020-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19919"
},
{
"category": "external",
"summary": "RHBZ#1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
}
],
"release_date": "2019-09-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads"
},
{
"cve": "CVE-2019-20920",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20920"
},
{
"category": "external",
"summary": "RHBZ#1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1316",
"url": "https://www.npmjs.com/advisories/1316"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1324",
"url": "https://www.npmjs.com/advisories/1324"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
},
{
"cve": "CVE-2019-20922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20922"
},
{
"category": "external",
"summary": "RHBZ#1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1300",
"url": "https://www.npmjs.com/advisories/1300"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
},
{
"cve": "CVE-2021-23369",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"strict\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization ovirt-engine-ui-extensions and ovirt-web-ui Handlebars.js is included as a dependency of conventional-changelog-writer, it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23369"
},
{
"category": "external",
"summary": "RHBZ#1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option"
},
{
"cve": "CVE-2021-23383",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js. Starting in 4.6, kibana is shipping as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"compat\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23383"
},
{
"category": "external",
"summary": "RHBZ#1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option"
},
{
"cve": "CVE-2021-26291",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven: Block repositories using http by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26291"
},
{
"category": "external",
"summary": "RHBZ#1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
},
{
"category": "external",
"summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
"url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
}
],
"release_date": "2021-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "maven: Block repositories using http by default"
}
]
}
RHSA-2023:1334
Vulnerability from csaf_redhat
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)\n\n* handlebars: nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* handlebars: nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* rhpam-7-businesscentral-rhel8-container: maven: Block repositories using http by default (CVE-2021-26291)\n\n* unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class (CVE-2018-1000134)\n\n* handlebars: nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads (CVE-2019-19919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1334",
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1334.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.2 security update",
"tracking": {
"current_release_date": "2025-11-07T10:37:15+00:00",
"generator": {
"date": "2025-11-07T10:37:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2023:1334",
"initial_release_date": "2023-03-20T09:15:52+00:00",
"revision_history": [
{
"date": "2023-03-20T09:15:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-20T09:15:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-07T10:37:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12629",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1501529"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Solr: Code execution via entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12629"
},
{
"category": "external",
"summary": "RHBZ#1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
}
],
"release_date": "2017-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Solr: Code execution via entity expansion"
},
{
"cve": "CVE-2018-1000134",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557531"
}
],
"notes": [
{
"category": "description",
"text": "UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn\u0027t check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Virtualization does not use the UnboundID SDK in synchronous mode, and hence does not expose this vulnerability in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000134"
},
{
"category": "external",
"summary": "RHBZ#1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000134",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/",
"url": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/"
}
],
"release_date": "2018-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class"
},
{
"cve": "CVE-2019-19919",
"cwe": {
"id": "CWE-471",
"name": "Modification of Assumed-Immutable Data (MAID)"
},
"discovery_date": "2020-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19919"
},
{
"category": "external",
"summary": "RHBZ#1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
}
],
"release_date": "2019-09-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads"
},
{
"cve": "CVE-2019-20920",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue can be used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20920"
},
{
"category": "external",
"summary": "RHBZ#1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1316",
"url": "https://www.npmjs.com/advisories/1316"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1324",
"url": "https://www.npmjs.com/advisories/1324"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
},
{
"cve": "CVE-2019-20922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20922"
},
{
"category": "external",
"summary": "RHBZ#1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1300",
"url": "https://www.npmjs.com/advisories/1300"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
},
{
"cve": "CVE-2021-23369",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM), some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth, which reduces the impact of this flaw to Low.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs); however, it does not use the \"strict\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization, ovirt-engine-ui-extensions and ovirt-web-ui include Handlebars.js as a dependency of conventional-changelog-writer; it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23369"
},
{
"category": "external",
"summary": "RHBZ#1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option"
},
{
"cve": "CVE-2021-23383",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker who can provide untrusted handlebars templates to execute arbitrary code in the JavaScript runtime (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js. Starting in 4.6, kibana is shipped as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access to them is protected by OpenShift OAuth, which reduces the impact of this flaw to Low.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles the vulnerable Handlebars.js (with pcs); however, it does not use the \"compat\" option or templates from external sources, hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23383"
},
{
"category": "external",
"summary": "RHBZ#1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option"
},
{
"cve": "CVE-2021-26291",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default. If such a repository is reached over plain http, a malicious actor who takes over that repository, or who is positioned to intercept the connection and pretend to be that repository (man-in-the-middle), can serve tampered artifacts into the build. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven: Block repositories using http by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26291"
},
{
"category": "external",
"summary": "RHBZ#1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
},
{
"category": "external",
"summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
"url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
}
],
"release_date": "2021-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http. Note that this includes repositories declared in the POMs of (transitive) dependencies, which Maven uses by default and which may not be under your control; see the Maven 3.8.1 release notes linked in the References for the default blocking of http repositories introduced there.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "maven: Block repositories using http by default"
}
]
}
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)\n\n* handlebars: nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* handlebars: nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\n* handlebars: nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* rhpam-7-businesscentral-rhel8-container: maven: Block repositories using http by default (CVE-2021-26291)\n\n* unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class (CVE-2018-1000134)\n\n* handlebars: nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads (CVE-2019-19919)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1334",
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1334.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.2 security update",
"tracking": {
"current_release_date": "2024-11-15T12:04:11+00:00",
"generator": {
"date": "2024-11-15T12:04:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:1334",
"initial_release_date": "2023-03-20T09:15:52+00:00",
"revision_history": [
{
"date": "2023-03-20T09:15:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-20T09:15:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T12:04:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12629",
"cwe": {
"id": "CWE-138",
"name": "Improper Neutralization of Special Elements"
},
"discovery_date": "2017-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1501529"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Solr: Code execution via entity expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-12629"
},
{
"category": "external",
"summary": "RHBZ#1501529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
"url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
}
],
"release_date": "2017-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Solr: Code execution via entity expansion"
},
{
"cve": "CVE-2018-1000134",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2018-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1557531"
}
],
"notes": [
{
"category": "description",
"text": "UnboundID LDAP SDK versions from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6 (where the issue was reported and fixed) contain an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class does not check for an empty password when running in synchronous mode. Against servers that do not perform the additional validation described in https://tools.ietf.org/html/rfc4513#section-5.1.1, a simple bind with a valid username and an empty password succeeds, so the SDK reports a successful authentication to the application. This allows an attacker to impersonate any valid user by supplying only that user\u0027s name and an empty password. The commit with the applied fix is https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd; versions after that commit are not affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Virtualization does not use the UnboundID SDK in synchronous mode, and hence does not expose this vulnerability in its default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000134"
},
{
"category": "external",
"summary": "RHBZ#1557531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000134",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000134"
},
{
"category": "external",
"summary": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/",
"url": "https://nawilson.com/2018/03/19/cve-2018-1000134-and-the-unboundid-ldap-sdk-for-java/"
}
],
"release_date": "2018-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class"
},
{
"cve": "CVE-2019-19919",
"cwe": {
"id": "CWE-471",
"name": "Modification of Assumed-Immutable Data (MAID)"
},
"discovery_date": "2020-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1789959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-19919"
},
{
"category": "external",
"summary": "RHBZ#1789959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
}
],
"release_date": "2019-09-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads"
},
{
"cve": "CVE-2019-20920",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package\u0027s lookup helper fails to properly validate templates, allowing attackers who can submit templates to execute arbitrary JavaScript in the system. This issue can be used to run arbitrary code on a server processing Handlebars templates or in a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container-first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified, which limits the ability to introduce crafted templates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20920"
},
{
"category": "external",
"summary": "RHBZ#1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1316",
"url": "https://www.npmjs.com/advisories/1316"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1324",
"url": "https://www.npmjs.com/advisories/1324"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
},
{
"cve": "CVE-2019-20922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container-first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified, which limits the ability to introduce crafted templates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20922"
},
{
"category": "external",
"summary": "RHBZ#1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1300",
"url": "https://www.npmjs.com/advisories/1300"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
},
{
"cve": "CVE-2021-23369",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed.\nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM), some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth, which reduces the impact of this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles the vulnerable Handlebars.js (with pcs); however, it does not use the \"strict\" option and does not process templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization, ovirt-engine-ui-extensions and ovirt-web-ui include Handlebars.js as a dependency of conventional-changelog-writer; it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23369"
},
{
"category": "external",
"summary": "RHBZ#1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option"
},
{
"cve": "CVE-2021-23383",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component, which includes Handlebars.js. Starting in 4.6, kibana is shipping as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth, which reduces the impact of this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles the vulnerable Handlebars.js (with pcs); however, it does not use the \"compat\" option and does not process templates from external sources, hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23383"
},
{
"category": "external",
"summary": "RHBZ#1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option"
},
{
"cve": "CVE-2021-26291",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955739"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "maven: Block repositories using http by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26291"
},
{
"category": "external",
"summary": "RHBZ#1955739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291"
},
{
"category": "external",
"summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291",
"url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291"
}
],
"release_date": "2021-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-20T09:15:52+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1334"
},
{
"category": "workaround",
"details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "maven: Block repositories using http by default"
}
]
}
CERTFR-2020-AVI-015
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à R1912 | ||
| Juniper Networks | N/A | Juniper Networks SBR Carrier versions antérieures à 8.4.1R19 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 19.4R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2020-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
},
{
"name": "CVE-2018-1336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2018-5743",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
},
{
"name": "CVE-2014-2310",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2020-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
},
{
"name": "CVE-2007-5846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2020-1608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
},
{
"name": "CVE-2020-1602",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2008-6123",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
},
{
"name": "CVE-2020-1601",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
},
{
"name": "CVE-2017-2595",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
},
{
"name": "CVE-2016-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2017-12174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2020-1607",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2019-14835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2020-1604",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
},
{
"name": "CVE-2016-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2020-1603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
},
{
"name": "CVE-2008-4309",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2014-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
},
{
"name": "CVE-2020-1609",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
},
{
"name": "CVE-2020-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
},
{
"name": "CVE-2020-1600",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
}
],
"initial_release_date": "2020-01-09T00:00:00",
"last_revision_date": "2020-01-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2021-AVI-539
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Monitoring (install\u00e9 sur WebSphere Application Server) versions 6.3.0 Fix Pack 7 Service Pack 5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Resilient versions ant\u00e9rieures \u00e0 41.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5262"
},
{
"name": "CVE-2011-1498",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1498"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2021-20453",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20453"
},
{
"name": "CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2021-20480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20480"
},
{
"name": "CVE-2021-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20454"
},
{
"name": "CVE-2021-26296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26296"
},
{
"name": "CVE-2021-32820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32820"
},
{
"name": "CVE-2020-5258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
}
],
"initial_release_date": "2021-07-19T00:00:00",
"last_revision_date": "2021-07-19T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-539",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6471655 du 16 juillet 2021",
"url": "https://www.ibm.com/support/pages/node/6471655"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6473095 du 16 juillet 2021",
"url": "https://www.ibm.com/support/pages/node/6473095"
}
]
}
CERTFR-2022-AVI-278
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans IBM Spectrum discover. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Discover versions 2.0.4.X ant\u00e9rieures \u00e0 2.0.4.5",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7751"
},
{
"name": "CVE-2019-20477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
},
{
"name": "CVE-2020-8116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
},
{
"name": "CVE-2020-7699",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7699"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2013-7459",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7459"
},
{
"name": "CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2020-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
},
{
"name": "CVE-2020-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"name": "CVE-2018-6594",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6594"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"name": "CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-43616",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43616"
}
],
"initial_release_date": "2022-03-29T00:00:00",
"last_revision_date": "2022-04-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-278",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-29T00:00:00.000000"
},
{
"description": "ajout avis \u00e9diteur du 31 mars 2022 et CVE CVE-2021-41092",
"revision_date": "2022-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\ndiscover. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum discover",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6566889 du 28 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6566889"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6568675 du 31 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6568675"
}
]
}
CERTFR-2021-AVI-571
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2020-7060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
},
{
"name": "CVE-2019-11048",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2019-11041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
},
{
"name": "CVE-2020-7071",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
},
{
"name": "CVE-2019-11045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
},
{
"name": "CVE-2021-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
},
{
"name": "CVE-2020-7070",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
},
{
"name": "CVE-2020-7069",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
},
{
"name": "CVE-2019-11046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
},
{
"name": "CVE-2020-7063",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2021-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-7068",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2019-11044",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
},
{
"name": "CVE-2020-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2017-5661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
},
{
"name": "CVE-2019-11047",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
},
{
"name": "CVE-2020-7067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
},
{
"name": "CVE-2020-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2019-11043",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
},
{
"name": "CVE-2020-7065",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
},
{
"name": "CVE-2019-11050",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-7066",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2020-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
},
{
"name": "CVE-2020-7059",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
},
{
"name": "CVE-2019-11042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
},
{
"name": "CVE-2019-11049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
},
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-571",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
cnvd-2019-47434
Vulnerability from cnvd
厂商已发布相关漏洞补丁链接,请及时更新: https://handlebarsjs.com/
| Name | handlebars handlebars <4.3.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19919"
}
},
"description": "handlebars\u662f\u4e00\u6b3e\u8bed\u4e49\u5316\u7684Web\u6a21\u677f\u7cfb\u7edf\u3002\n\nhandlebars 4.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u7684payloads\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://handlebarsjs.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-47434",
"openTime": "2019-12-27",
"patchDescription": "handlebars\u662f\u4e00\u6b3e\u8bed\u4e49\u5316\u7684Web\u6a21\u677f\u7cfb\u7edf\u3002\r\n\r\nhandlebars 4.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u7684payloads\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "handlebars\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "handlebars handlebars \u003c4.3.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919",
"serverity": "\u9ad8",
"submitTime": "2019-12-23",
"title": "handlebars\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
fkie_cve-2019-19919
Vulnerability from fkie_nvd
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.npmjs.com/advisories/1164 | Third Party Advisory | |
| cve@mitre.org | https://www.tenable.com/security/tns-2021-14 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.npmjs.com/advisories/1164 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2021-14 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*",
"matchCriteriaId": "6FBBF1FB-FAEF-41B9-8E6E-A7DDA881C201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*",
"matchCriteriaId": "4BF4DC1D-DDD7-4617-A438-AED32D4D2F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*",
"matchCriteriaId": "B97055D1-E30A-44DC-9792-A74DF11B2110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*",
"matchCriteriaId": "3079C4D9-56D0-47F5-ABED-02DD89D0E8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*",
"matchCriteriaId": "89F30120-98DA-4418-B92C-803EAEA5A2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*",
"matchCriteriaId": "47712A16-6191-47BB-B882-224EBF2DB25D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*",
"matchCriteriaId": "3BCF49BE-5CF7-404C-899D-9596C0C104BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "7619CE95-7EC1-4EDA-B604-BC67CDE33727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "4CF11D05-33CF-4BC6-BD81-FF3ABB75CEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*",
"matchCriteriaId": "8BE0C388-BA09-4972-94D0-ADB5B77B8763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "263741E0-F7D4-4A0B-AE73-3EA3192E9694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "E96203B2-1DCC-4691-B219-C913068BC033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "B3BA06B6-42E7-47FF-AED7-6E5A8E14A08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "1F0B3A6C-10B2-4142-889C-23D53B31EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "018B3A23-8A8C-4BAD-BC58-D5418B79D322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "383DF444-D620-4EC2-A3C8-1D51E40786C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*",
"matchCriteriaId": "1AE16B41-008D-466F-99A2-938A92CEFF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*",
"matchCriteriaId": "D12A5B4E-7834-42F9-908F-E32DF2D3CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*",
"matchCriteriaId": "B2AF202E-BEAD-4A4C-B8B0-B4F14A0610F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*",
"matchCriteriaId": "BAE9F367-D1E7-4E5C-A9D5-22565A5F674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*",
"matchCriteriaId": "0BCA804B-5D31-47D8-95CB-363E7980D28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*",
"matchCriteriaId": "476DBC97-8693-4EF4-A4A4-8C10CC8F33D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "16D4CD1A-6A58-42A9-A3E7-448BB7252CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "49B8323F-939F-4600-835A-E0E5EACB5276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*",
"matchCriteriaId": "9BD938F8-0962-4983-902C-B96790A83ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*",
"matchCriteriaId": "775A330D-44DA-426E-9DFB-7B3FA617C887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*",
"matchCriteriaId": "12C85BFA-8E59-4FF0-803B-224FD8955A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*",
"matchCriteriaId": "6816A885-1EE1-40B7-A2CA-1CCD2594497E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*",
"matchCriteriaId": "ED35F37A-A85A-42FF-847F-D0E9F21DEC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*",
"matchCriteriaId": "8810BDCB-555A-43B0-A003-6B74E2559B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*",
"matchCriteriaId": "39CE17D1-10A6-46F8-86B8-CF91E98E30F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*",
"matchCriteriaId": "9F2F975B-DAEB-47BF-AC41-CCC13C7E3CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*",
"matchCriteriaId": "3F795717-AA89-4316-B357-6329FDF534DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.11:-:*:*:*:node.js:*:*",
"matchCriteriaId": "26BA7CCF-AD82-4CC6-8E2C-8EF43C3250CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*",
"matchCriteriaId": "24788A2C-438C-49FA-A20D-383AC9CD699B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*",
"matchCriteriaId": "74530A3D-0B50-43CA-ABA7-95A6D1D99C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*",
"matchCriteriaId": "A544C487-98E2-4A30-8878-C8BC7F5CD2AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "B635034C-5DDD-433F-A453-DCE8D8D736C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "FA83D29F-0083-4332-A618-56DB0ED59024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*",
"matchCriteriaId": "F6321E82-B999-4BCD-8FD6-E1B55A60A41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "FEACA66E-4BDE-41DC-9797-21B81BB43E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*",
"matchCriteriaId": "62A44232-6323-434E-8653-D7C2238702DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*",
"matchCriteriaId": "B83F4927-BB98-4791-96E9-FF6D302A2AD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
"versionEndExcluding": "5.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object\u0027s __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads."
},
{
"lang": "es",
"value": "Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminaci\u00f3n de Prototipos conllevando a una ejecuci\u00f3n de c\u00f3digo remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario por medio de cargas \u00fatiles dise\u00f1adas."
}
],
"id": "CVE-2019-19919",
"lastModified": "2024-11-21T04:35:39.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-20T23:15:11.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/1164"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.npmjs.com/advisories/1164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-w457-6q6x-cgp9
Vulnerability from github
Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Recommendation
Upgrade to version 3.0.8 or later on the 3.x line, or to version 4.3.0 or later on the 4.x line.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "bootstrap-wysihtml5-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.3.5"
},
{
"last_affected": "0.3.3.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-19919"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2019-12-26T17:55:40Z",
"nvd_published_at": "2019-12-20T23:15:00Z",
"severity": "CRITICAL"
},
"details": "Versions of `handlebars` prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects\u0027 `__proto__` and `__defineGetter__` properties, which may allow an attacker to execute arbitrary code through crafted payloads.\n\n\n## Recommendation\n\nUpgrade to version 3.0.8, 4.3.0 or later.",
"id": "GHSA-w457-6q6x-cgp9",
"modified": "2022-06-06T17:16:15Z",
"published": "2019-12-26T17:58:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919"
},
{
"type": "WEB",
"url": "https://github.com/wycats/handlebars.js/issues/1558"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/156061eb7707575293613d7fdf90e2bdaac029ee"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/90ad8d97ad2933852fb83fcc054699dc99e094db"
},
{
"type": "WEB",
"url": "https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919"
},
{
"type": "WEB",
"url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/blob/master/vendor/assets/javascripts/bootstrap-wysihtml5/handlebars.runtime.min.js"
},
{
"type": "WEB",
"url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/tree/master/vendor/assets/javascripts/bootstrap-wysihtml5"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-wysihtml5-rails/CVE-2019-19919.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/wycats/handlebars.js"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in handlebars"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.