Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-29415 (GCVE-0-2024-29415)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-01-17T20:02:53.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/indutny/node-ip/pull/143" }, { "tags": [ "x_transferred" ], "url": "https://github.com/indutny/node-ip/pull/144" }, { "tags": [ "x_transferred" ], "url": "https://github.com/indutny/node-ip/issues/150" }, { "url": "https://security.netapp.com/advisory/ntap-20250117-0010/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*" ], "defaultStatus": "unknown", "product": "ip", "vendor": "fedorindutny", "versions": [ { "lessThan": "2.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-29415", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T04:01:46.879141Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-941", "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-16T13:39:39.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-27T20:08:01.985Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/indutny/node-ip/pull/143" }, { "url": "https://github.com/indutny/node-ip/pull/144" }, { "url": "https://github.com/indutny/node-ip/issues/150" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-29415", "datePublished": "2024-05-27T20:04:14.756Z", "dateReserved": "2024-03-19T00:00:00.000Z", "dateUpdated": "2025-02-13T15:47:46.180Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-29415\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-05-27T20:15:08.970\",\"lastModified\":\"2025-01-17T20:15:27.950\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.\"},{\"lang\":\"es\",\"value\":\"El paquete ip hasta la versi\u00f3n 2.0.1 para Node.js podr\u00eda permitir SSRF porque algunas direcciones IP (como 127.1, 01200034567, 012.1.2.3, 000:0:0000::01 y ::fFFf:127.0.0.1) Est\u00e1n incorrectamente categorizadas como enrutable globalmente a trav\u00e9s de isPublic. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-42282.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"},{\"lang\":\"en\",\"value\":\"CWE-941\"}]}],\"references\":[{\"url\":\"https://github.com/indutny/node-ip/issues/150\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/indutny/node-ip/pull/143\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/indutny/node-ip/pull/144\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/indutny/node-ip/issues/150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/indutny/node-ip/pull/143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/indutny/node-ip/pull/144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250117-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/indutny/node-ip/pull/143\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/indutny/node-ip/pull/144\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/indutny/node-ip/issues/150\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250117-0010/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-17T20:02:53.716Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29415\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-16T04:01:46.879141Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*\"], \"vendor\": \"fedorindutny\", \"product\": \"ip\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-941\", \"description\": \"CWE-941 Incorrectly Specified Destination in a Communication Channel\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-16T13:29:59.306Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/indutny/node-ip/pull/143\"}, {\"url\": \"https://github.com/indutny/node-ip/pull/144\"}, {\"url\": \"https://github.com/indutny/node-ip/issues/150\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-27T20:08:01.985Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-29415\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T15:47:46.180Z\", \"dateReserved\": \"2024-03-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-05-27T20:04:14.756Z\", \"assignerShortName\": \"mitre\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
ghsa-2p57-rm9w-gvfp
Vulnerability from github
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "ip" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "2.0.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-29415" ], "database_specific": { "cwe_ids": [ "CWE-918" ], "github_reviewed": true, "github_reviewed_at": "2024-06-02T22:29:29Z", "nvd_published_at": "2024-05-27T20:15:08Z", "severity": "HIGH" }, "details": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "id": "GHSA-2p57-rm9w-gvfp", "modified": "2025-01-17T21:31:38Z", "published": "2024-06-02T22:29:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415" }, { "type": "WEB", "url": "https://github.com/indutny/node-ip/issues/150" }, { "type": "WEB", "url": "https://github.com/indutny/node-ip/pull/143" }, { "type": "WEB", "url": "https://github.com/indutny/node-ip/pull/144" }, { "type": "PACKAGE", "url": "https://github.com/indutny/node-ip" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20250117-0010" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "ip SSRF improper categorization in isPublic" }
rhsa-2024:10236
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10236", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "CRW-7528", "url": "https://issues.redhat.com/browse/CRW-7528" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release", "tracking": { "current_release_date": "2025-10-20T17:11:03+00:00", "generator": { "date": "2025-10-20T17:11:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2024:10236", "initial_release_date": "2024-11-25T19:44:38+00:00", "revision_history": [ { "date": "2024-11-25T19:44:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T19:44:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-20T17:11:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Dev Spaces 3", "product": { "name": "Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_identification_helper": { "purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x" }, "product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64" }, "product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" }, "product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64" }, "product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le" }, "product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x" }, "product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le" }, "product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64" }, "product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" }, "product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64" }, "product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le" }, "product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64" }, "product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le" }, "product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x" }, "product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64" }, "product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x" }, "product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" }, "product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x" }, "product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le" }, "product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" }, "product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.\n\nRed Hat Developer Hub contains a fix in 1.1-91 version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2024-21534", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-10-11T06:00:50.977825+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317968" } ], "notes": [ { "category": "description", "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat\u0027s initial impact rating of critical has been downgraded to low. While the vulnerable code is technically still present within Red Hat products, there are no code paths in affected products which allow exploitation. As such, the impact to Red Hat products is low.\n\nEach of the products listed have multiple components where a fixed build could occur. This distinction does not matter for users as only one build needs fixed for the product. Additionally, in Red Hat OpenShift AI, jsonpath-plus is a dependency of a direct dependency and is never loaded, as the direct dependency\u0027s feature that requires jsonpath-plus is not used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21534" }, { "category": "external", "summary": "RHBZ#2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/issues/226", "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884", "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" } ], "release_date": "2024-10-11T05:00:01.824000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2284554" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-ip: Incomplete fix for CVE-2023-42282", "title": "Vulnerability summary" }, { "category": "other", "text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29415" }, { "category": "external", "summary": "RHBZ#2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "node-ip: Incomplete fix for CVE-2023-42282" }, { "cve": "CVE-2024-34155", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:06.929766+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310527" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34155" }, { "category": "external", "summary": "RHBZ#2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155" }, { "category": "external", "summary": "https://go.dev/cl/611238", "url": "https://go.dev/cl/611238" }, { "category": "external", "summary": "https://go.dev/issue/69138", "url": "https://go.dev/issue/69138" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3105", "url": "https://pkg.go.dev/vuln/GO-2024-3105" } ], "release_date": "2024-09-06T21:15:11.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45813", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-18T17:20:11.964011+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2313383" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "find-my-way: ReDoS vulnerability in multiparametric routes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45813" }, { "category": "external", "summary": "RHBZ#2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813" }, { "category": "external", "summary": "https://blakeembrey.com/posts/2024-09-web-redos", "url": "https://blakeembrey.com/posts/2024-09-web-redos" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440", "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6", "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6" } ], "release_date": "2024-09-18T17:15:19.163000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "find-my-way: ReDoS vulnerability in multiparametric routes" }, { "cve": "CVE-2024-47875", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-10-11T15:20:07.304345+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2318052" } ], "notes": [ { "category": "description", "text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: nesting-based mutation XSS vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47875" }, { "category": "external", "summary": "RHBZ#2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" } ], "release_date": "2024-10-11T15:15:05.860000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dompurify: nesting-based mutation XSS vulnerability" }, { "cve": "CVE-2024-48949", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2024-10-10T01:00:37.956974+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317724" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.", "title": "Vulnerability description" }, { "category": "summary", "text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-48949" }, { "category": "external", "summary": "RHBZ#2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6" } ], "release_date": "2024-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification" } ] }
rhsa-2024_10236
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10236", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "CRW-7528", "url": "https://issues.redhat.com/browse/CRW-7528" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release", "tracking": { "current_release_date": "2025-01-06T18:53:41+00:00", "generator": { "date": "2025-01-06T18:53:41+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2024:10236", "initial_release_date": "2024-11-25T19:44:38+00:00", "revision_history": [ { "date": "2024-11-25T19:44:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T19:44:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T18:53:41+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Dev Spaces 3", "product": { "name": "Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_identification_helper": { "purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x" }, "product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64" }, "product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" }, "product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64" }, "product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le" }, "product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x" }, "product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le" }, "product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64" }, "product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" }, "product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64" }, "product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le" }, "product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64" }, "product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le" }, "product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x" }, "product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64" }, "product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x" }, "product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" }, "product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x" }, "product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le" }, "product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" }, "product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2024-21534", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-10-11T06:00:50.977825+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317968" } ], "notes": [ { "category": "description", "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability has been addressed, however, it is important to note that the unsafe behavior is still present but is no longer enabled by default. Developers using older versions or relying on this unsafe behavior could still be at risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21534" }, { "category": "external", "summary": "RHBZ#2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884", "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" } ], "release_date": "2024-10-11T05:00:01.824000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2284554" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-ip: Incomplete fix for CVE-2023-42282", "title": "Vulnerability summary" }, { "category": "other", "text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29415" }, { "category": "external", "summary": "RHBZ#2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "node-ip: Incomplete fix for CVE-2023-42282" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45813", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-18T17:20:11.964011+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2313383" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "find-my-way: ReDoS vulnerability in multiparametric routes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45813" }, { "category": "external", "summary": "RHBZ#2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813" }, { "category": "external", "summary": "https://blakeembrey.com/posts/2024-09-web-redos", "url": "https://blakeembrey.com/posts/2024-09-web-redos" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440", "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6", "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6" } ], "release_date": "2024-09-18T17:15:19.163000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "find-my-way: ReDoS vulnerability in multiparametric routes" }, { "cve": "CVE-2024-47875", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-10-11T15:20:07.304345+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2318052" } ], "notes": [ { "category": "description", "text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: nesting-based mutation XSS vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47875" }, { "category": "external", "summary": "RHBZ#2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" } ], "release_date": "2024-10-11T15:15:05.860000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dompurify: nesting-based mutation XSS vulnerability" }, { "cve": "CVE-2024-48949", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2024-10-10T01:00:37.956974+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317724" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.", "title": "Vulnerability description" }, { "category": "summary", "text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-48949" }, { "category": "external", "summary": "RHBZ#2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6" } ], "release_date": "2024-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification" } ] }
RHSA-2024:10236
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10236", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "CRW-7528", "url": "https://issues.redhat.com/browse/CRW-7528" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release", "tracking": { "current_release_date": "2025-10-20T17:11:03+00:00", "generator": { "date": "2025-10-20T17:11:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2024:10236", "initial_release_date": "2024-11-25T19:44:38+00:00", "revision_history": [ { "date": "2024-11-25T19:44:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T19:44:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-20T17:11:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Dev Spaces 3", "product": { "name": "Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_identification_helper": { "purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.17-6" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.17-9" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x" }, "product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64" }, "product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" }, "product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64" }, "product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le" }, "product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x" }, "product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le" }, "product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64" }, "product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" }, "product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64" }, "product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le" }, "product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64" }, "product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le" }, "product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x" }, "product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64" }, "product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x" }, "product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" }, "product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x" }, "product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le" }, "product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" }, "product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.\n\nRed Hat Developer Hub contains a fix in 1.1-91 version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2024-21534", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-10-11T06:00:50.977825+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317968" } ], "notes": [ { "category": "description", "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat\u0027s initial impact rating of critical has been downgraded to low. While the vulnerable code is technically still present within Red Hat products, there are no code paths in affected products which allow exploitation. As such, the impact to Red Hat products is low.\n\nEach of the products listed have multiple components where a fixed build could occur. This distinction does not matter for users as only one build needs fixed for the product. Additionally, in Red Hat OpenShift AI, jsonpath-plus is a dependency of a direct dependency and is never loaded, as the direct dependency\u0027s feature that requires jsonpath-plus is not used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21534" }, { "category": "external", "summary": "RHBZ#2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/issues/226", "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884", "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" } ], "release_date": "2024-10-11T05:00:01.824000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2284554" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-ip: Incomplete fix for CVE-2023-42282", "title": "Vulnerability summary" }, { "category": "other", "text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29415" }, { "category": "external", "summary": "RHBZ#2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "node-ip: Incomplete fix for CVE-2023-42282" }, { "cve": "CVE-2024-34155", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:06.929766+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310527" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34155" }, { "category": "external", "summary": "RHBZ#2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155" }, { "category": "external", "summary": "https://go.dev/cl/611238", "url": "https://go.dev/cl/611238" }, { "category": "external", "summary": "https://go.dev/issue/69138", "url": "https://go.dev/issue/69138" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3105", "url": "https://pkg.go.dev/vuln/GO-2024-3105" } ], "release_date": "2024-09-06T21:15:11.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45813", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-18T17:20:11.964011+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2313383" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "find-my-way: ReDoS vulnerability in multiparametric routes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45813" }, { "category": "external", "summary": "RHBZ#2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813" }, { "category": "external", "summary": "https://blakeembrey.com/posts/2024-09-web-redos", "url": "https://blakeembrey.com/posts/2024-09-web-redos" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440", "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6", "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6" } ], "release_date": "2024-09-18T17:15:19.163000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "find-my-way: ReDoS vulnerability in multiparametric routes" }, { "cve": "CVE-2024-47875", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-10-11T15:20:07.304345+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2318052" } ], "notes": [ { "category": "description", "text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: nesting-based mutation XSS vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47875" }, { "category": "external", "summary": "RHBZ#2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" } ], "release_date": "2024-10-11T15:15:05.860000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dompurify: nesting-based mutation XSS vulnerability" }, { "cve": "CVE-2024-48949", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2024-10-10T01:00:37.956974+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317724" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.", "title": "Vulnerability description" }, { "category": "summary", "text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-48949" }, { "category": "external", "summary": "RHBZ#2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6" } ], "release_date": "2024-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification" } ] }
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
Title | Publication Time | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2022-0144", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0144" }, { "name": "CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "name": "CVE-2024-37891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891" }, { "name": "CVE-2023-38264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264" }, { "name": "CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "name": "CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "name": "CVE-2024-21144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144" }, { "name": "CVE-2023-25166", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25166" }, { "name": "CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "name": "CVE-2023-46234", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234" }, { "name": "CVE-2023-28856", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28856" }, { "name": "CVE-2021-28169", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169" }, { "name": "CVE-2018-12538", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12538" }, { "name": "CVE-2024-35176", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35176" }, { "name": "CVE-2024-21890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890" }, { "name": "CVE-2024-21896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896" }, { "name": "CVE-2023-50312", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50312" }, { "name": "CVE-2024-3933", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2024-22025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025" }, { "name": "CVE-2023-38737", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38737" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2022-36943", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36943" }, { "name": "CVE-2024-43398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-38009", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38009" }, { "name": "CVE-2023-45133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133" }, { "name": "CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "name": "CVE-2023-46809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809" }, { "name": "CVE-2020-27216", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216" }, { "name": "CVE-2019-13224", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13224" }, { "name": "CVE-2022-29622", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29622" }, { "name": "CVE-2021-40690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690" }, { "name": "CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2021-43138", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138" }, { "name": "CVE-2023-45145", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45145" }, { "name": "CVE-2024-22019", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019" }, { "name": "CVE-2023-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0842" }, { "name": "CVE-2023-22467", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467" }, { "name": "CVE-2024-21011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011" }, { "name": "CVE-2024-22329", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2024-21892", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892" }, { "name": "CVE-2024-21147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147" }, { "name": "CVE-2022-43383", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43383" }, { "name": "CVE-2019-16163", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16163" }, { "name": "CVE-2024-39908", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908" }, { "name": "CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "name": "CVE-2024-35195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195" }, { "name": "CVE-2024-41946", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946" }, { "name": "CVE-2024-21140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140" }, { "name": "CVE-2024-21094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2018-12545", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12545" }, { "name": "CVE-2024-5569", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569" }, { "name": "CVE-2023-52428", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428" }, { "name": "CVE-2024-41784", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41784" }, { "name": "CVE-2021-3803", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803" }, { "name": "CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "name": "CVE-2023-41900", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900" }, { "name": "CVE-2024-21138", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138" }, { "name": "CVE-2022-24834", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24834" }, { "name": "CVE-2023-36479", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479" }, { "name": "CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "name": "CVE-2024-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890" }, { "name": "CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "name": "CVE-2024-27270", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270" }, { "name": "CVE-2024-21145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145" }, { "name": "CVE-2024-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891" }, { "name": "CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "name": "CVE-2024-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017" }, { "name": "CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "name": "CVE-2019-10241", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10241" }, { "name": "CVE-2022-24736", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24736" }, { "name": "CVE-2024-25042", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25042" }, { "name": "CVE-2024-34064", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064" }, { "name": "CVE-2020-15168", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15168" }, { "name": "CVE-2023-29262", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29262" }, { "name": "CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "name": "CVE-2024-21085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2022-24735", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24735" }, { "name": "CVE-2024-21131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131" }, { "name": "CVE-2024-39689", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689" }, { "name": "CVE-2024-41123", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123" }, { "name": "CVE-2019-19012", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19012" }, { "name": "CVE-2024-27267", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267" }, { "name": "CVE-2012-2677", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2677" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" }, { "name": "CVE-2021-34428", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428" } ], "initial_release_date": "2024-10-25T00:00:00", "last_revision_date": "2024-10-25T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0923", "revisions": [ { "description": "Version initiale", "revision_date": "2024-10-25T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-10-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631", "url": "https://www.ibm.com/support/pages/node/7173631" }, { "published_at": "2024-10-24", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016", "url": "https://www.ibm.com/support/pages/node/7174016" }, { "published_at": "2024-10-24", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015", "url": "https://www.ibm.com/support/pages/node/7174015" }, { "published_at": "2024-10-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632", "url": "https://www.ibm.com/support/pages/node/7173632" }, { "published_at": "2024-10-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691", "url": "https://www.ibm.com/support/pages/node/7172691" }, { "published_at": "2024-10-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692", "url": "https://www.ibm.com/support/pages/node/7172692" }, { "published_at": "2024-10-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592", "url": "https://www.ibm.com/support/pages/node/7173592" }, { "published_at": "2024-10-23", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866", "url": "https://www.ibm.com/support/pages/node/7173866" } ] }
CERTFR-2024-AVI-0671
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
SAP | N/A | NetWeaver Application Server (ABAP and Java), Web Dispatcher and Content Server versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.53, 7.77, 7.85, 7.22_EXT, 7.89, 7.54, 7.93, KERNEL 7.22, 7.53, 7.77, 7.85, 7.89, 7.54 et 7.93 sans le dernier correctif de sécurité | ||
SAP | N/A | Build Apps version 4.11.130 sans le dernier correctif de sécurité | ||
SAP | N/A | Permit to Work versions UIS4HOP1 800 et 900 sans le dernier correctif de sécurité | ||
SAP | N/A | CRM ABAP (Insights Management) versions BBPCRM 700, 701, 702, 712, 713 et 714 sans le dernier correctif de sécurité | ||
SAP | N/A | NetWeaver Application Server ABAP versions SAP_UI 754, 755, 756, 757, 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731 et SAP_BASIS 912 sans le dernier correctif de sécurité | ||
SAP | N/A | Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
SAP | N/A | NetWeaver Application Server ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 912 sans le dernier correctif de sécurité | ||
SAP | N/A | BEx Web Java Runtime Export Web Service versions BI-BASE-E 7.5, BI-BASE-B 7.5, BI-IBC 7.5, BI-BASE-S 7.5 et BIWEBAPP 7.5 sans le dernier correctif de sécurité | ||
SAP | N/A | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
SAP | N/A | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
SAP | N/A | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
SAP | N/A | Document Builder versions S4CORE 100, 101, S4FND 102, 103, 104, 105, 106, 107, 108, SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de sécurité | ||
SAP | N/A | Landscape Management version VCM 3.00 sans le dernier correctif de sécurité | ||
SAP | N/A | Business Workflow (WebFlow Services) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
SAP | N/A | Shared Service Framework versions SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de sécurité | ||
SAP | N/A | Business Warehouse - Business Planning and Simulation versions SAP_BW 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et SAP_BW_VIRTUAL_COMP 701 sans le dernier correctif de sécurité | ||
SAP | N/A | Commerce versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
SAP | N/A | NetWeaver AS Java version MMR_SERVER 7.5 sans le dernier correctif de sécurité | ||
SAP | N/A | Bank Account Management (Manage Banks) versions 800 et 900 sans le dernier correctif de sécurité | ||
SAP | N/A | NetWeaver Application Server for ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
SAP | N/A | Commerce Backoffice version HY_COM 2205 sans le dernier correctif de sécurité | ||
SAP | N/A | BW/4HANA Transformation and Data Transfer Process versions DW4CORE 200, 300, 400, 796, SAP_BW 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758 sans le dernier correctif de sécurité | ||
SAP | N/A | BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de sécurité | ||
SAP | N/A | Document Builder versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, SAP_BS_FND 702, SAP_BS_FND 731, SAP_BS_FND 746, SAP_BS_FND 747 et SAP_BS_FND 748 sans le dernier correctif de sécurité |
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "NetWeaver Application Server (ABAP and Java), Web Dispatcher and Content Server versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.53, 7.77, 7.85, 7.22_EXT, 7.89, 7.54, 7.93, KERNEL 7.22, 7.53, 7.77, 7.85, 7.89, 7.54 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Build Apps version 4.11.130 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Permit to Work versions UIS4HOP1 800 et 900 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "CRM ABAP (Insights Management) versions BBPCRM 700, 701, 702, 712, 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "NetWeaver Application Server ABAP versions SAP_UI 754, 755, 756, 757, 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731 et SAP_BASIS 912 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "NetWeaver Application Server ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 912 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "BEx Web Java Runtime Export Web Service versions BI-BASE-E 7.5, BI-BASE-B 7.5, BI-IBC 7.5, BI-BASE-S 7.5 et BIWEBAPP 7.5 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Replication Server versions 16.0.3 et 16.0.4\u00a0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Document Builder versions S4CORE 100, 101, S4FND 102, 103, 104, 105, 106, 107, 108, SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Landscape Management version VCM 3.00 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Business Workflow (WebFlow Services) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Shared Service Framework versions SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Business Warehouse - Business Planning and Simulation versions SAP_BW 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758 et SAP_BW_VIRTUAL_COMP 701 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Commerce versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "NetWeaver AS Java version MMR_SERVER 7.5 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Bank Account Management (Manage Banks) versions 800 et 900 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "NetWeaver Application Server for ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Commerce Backoffice version HY_COM 2205 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "BW/4HANA Transformation and Data Transfer Process versions DW4CORE 200, 300, 400, 796, SAP_BW 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Document Builder versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, SAP_BS_FND 702, SAP_BS_FND 731, SAP_BS_FND 746, SAP_BS_FND 747 et SAP_BS_FND 748 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-37176", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37176" }, { "name": "CVE-2024-41732", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41732" }, { "name": "CVE-2024-34689", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34689" }, { "name": "CVE-2024-33003", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33003" }, { "name": "CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "name": "CVE-2024-41733", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41733" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2024-41734", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41734" }, { "name": "CVE-2024-42373", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42373" }, { "name": "CVE-2024-41737", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41737" }, { "name": "CVE-2024-34683", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34683" }, { "name": "CVE-2024-37180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37180" }, { "name": "CVE-2024-34688", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34688" }, { "name": "CVE-2024-33005", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33005" }, { "name": "CVE-2024-28166", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28166" }, { "name": "CVE-2024-41731", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41731" }, { "name": "CVE-2024-39594", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39594" }, { "name": "CVE-2023-30533", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30533" }, { "name": "CVE-2024-42376", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42376" }, { "name": "CVE-2024-39591", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39591" }, { "name": "CVE-2024-41736", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41736" }, { "name": "CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" }, { "name": "CVE-2023-0023", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0023" }, { "name": "CVE-2024-42375", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42375" }, { "name": "CVE-2024-39593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39593" }, { "name": "CVE-2024-41730", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41730" }, { "name": "CVE-2024-41735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41735" }, { "name": "CVE-2024-42374", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42374" } ], "initial_release_date": "2024-08-13T00:00:00", "last_revision_date": "2024-08-13T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0671", "revisions": [ { "description": "Version initiale", "revision_date": "2024-08-13T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP", "vendor_advisories": [ { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 SAP august-2024", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html" } ] }
CERTFR-2024-AVI-0646
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Storage Protect | Storage Protect Plus Server versions 10.1.x antérieures à 10.1.16.2 | ||
IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 24.0.0.5 | ||
IBM | VIOS | VIOS version 4.1 avec un fichier openssl.base versions antérieures à 3.0.13.1000 | ||
IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 | ||
IBM | AIX | AIX versions 7.2 et 7.3 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 | ||
IBM | N/A | Sterling Control Center versions 6.3.0 antérieures à 6.3.0.0 iFix06 | ||
IBM | N/A | Sterling Control Center versions 6.2.1 antérieures à 6.2.1.0 iFix13 | ||
IBM | VIOS | VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
IBM | QRadar SIEM | QRadar SIEM versions 7.5.0.x antérieures à 7.5.0 UP9 IF01 |
Title | Publication Time | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.2", "product": { "name": "Storage Protect", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 24.0.0.5 ", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 3.0.13.1000", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX versions 7.2 et 7.3 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.0 iFix06", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.0 iFix13", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF01", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-26934", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26934" }, { "name": "CVE-2023-52477", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52477" }, { "name": "CVE-2024-27059", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27059" }, { "name": "CVE-2023-38264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264" }, { "name": "CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "name": "CVE-2024-26897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897" }, { "name": "CVE-2021-47055", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47055" }, { "name": "CVE-2024-35154", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35154" }, { "name": "CVE-2020-36777", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36777" }, { "name": "CVE-2024-27052", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052" }, { "name": "CVE-2023-52425", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425" }, { "name": "CVE-2024-25744", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25744" }, { "name": "CVE-2024-26973", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26973" }, { "name": "CVE-2021-47185", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47185" }, { "name": "CVE-2023-45283", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283" }, { "name": "CVE-2024-23650", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23650" }, { "name": "CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "name": "CVE-2024-26603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26603" }, { "name": "CVE-2024-26964", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26964" }, { "name": "CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "name": "CVE-2024-26993", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993" }, { "name": "CVE-2019-25162", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25162" }, { "name": "CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "name": "CVE-2023-39321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321" }, { "name": "CVE-2023-45285", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285" }, { "name": "CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "name": "CVE-2023-45284", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "name": "CVE-2024-3652", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652" }, { "name": "CVE-2024-26615", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615" }, { "name": "CVE-2024-26643", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26643" }, { "name": "CVE-2024-26779", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26779" }, { "name": "CVE-2024-25026", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026" }, { "name": "CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "name": "CVE-2024-32021", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021" }, { "name": "CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "name": "CVE-2024-24806", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806" }, { "name": "CVE-2024-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23307" }, { "name": "CVE-2023-52528", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52528" }, { "name": "CVE-2024-27048", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27048" }, { "name": "CVE-2021-47013", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47013" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2024-26593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26593" }, { "name": "CVE-2023-39320", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39320" }, { "name": "CVE-2022-48627", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48627" }, { "name": "CVE-2021-47171", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47171" }, { "name": "CVE-2024-26743", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26743" }, { "name": "CVE-2023-39318", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318" }, { "name": "CVE-2023-6240", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6240" }, { "name": "CVE-2024-32004", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004" }, { "name": "CVE-2021-47118", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47118" }, { "name": "CVE-2024-24788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788" }, { "name": "CVE-2023-51767", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51767" }, { "name": "CVE-2024-21011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011" }, { "name": "CVE-2024-32020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020" }, { "name": "CVE-2024-5535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535" }, { "name": "CVE-2024-22329", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329" }, { "name": "CVE-2019-20372", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" }, { "name": "CVE-2023-29406", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406" }, { "name": "CVE-2023-39319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319" }, { "name": "CVE-2024-32487", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487" }, { "name": "CVE-2024-27056", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27056" }, { "name": "CVE-2024-26642", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26642" }, { "name": "CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "name": "CVE-2021-47153", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47153" }, { "name": "CVE-2023-52439", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52439" }, { "name": "CVE-2024-26610", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26610" }, { "name": "CVE-2024-2357", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2357" }, { "name": "CVE-2024-21094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094" }, { "name": "CVE-2024-26919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26919" }, { "name": "CVE-2023-52445", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52445" }, { "name": "CVE-2024-1394", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1394" }, { "name": "CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "name": "CVE-2024-27014", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27014" }, { "name": "CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "name": "CVE-2024-32465", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465" }, { "name": "CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "name": "CVE-2024-26892", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26892" }, { "name": "CVE-2023-52578", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52578" }, { "name": "CVE-2023-29400", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400" }, { "name": "CVE-2024-24787", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787" }, { "name": "CVE-2022-38096", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38096" }, { "name": "CVE-2021-46934", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46934" }, { "name": "CVE-2023-52598", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52598" }, { "name": "CVE-2024-4603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603" }, { "name": "CVE-2024-26659", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26659" }, { "name": "CVE-2024-26933", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26933" }, { "name": "CVE-2023-46604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604" }, { "name": "CVE-2023-52594", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52594" }, { "name": "CVE-2024-26693", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26693" }, { "name": "CVE-2023-52595", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52595" }, { "name": "CVE-2023-45287", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287" }, { "name": "CVE-2022-48624", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624" }, { "name": "CVE-2024-4741", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741" }, { "name": "CVE-2023-52513", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52513" }, { "name": "CVE-2023-52610", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52610" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2023-39322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322" }, { "name": "CVE-2023-52606", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52606" }, { "name": "CVE-2023-6546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6546" }, { "name": "CVE-2023-2953", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953" }, { "name": "CVE-2024-26872", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26872" }, { "name": "CVE-2024-26901", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26901" }, { "name": "CVE-2024-1086", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1086" }, { "name": "CVE-2024-0565", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0565" }, { "name": "CVE-2023-39323", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323" }, { "name": "CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "name": "CVE-2024-21085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085" }, { "name": "CVE-2023-29409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2024-0340", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0340" }, { "name": "CVE-2024-26744", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26744" }, { "name": "CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "name": "CVE-2024-32002", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002" }, { "name": "CVE-2022-48669", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48669" }, { "name": "CVE-2023-52565", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52565" }, { "name": "CVE-2023-52520", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52520" }, { "name": "CVE-2024-26694", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26694" }, { "name": "CVE-2024-26664", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26664" }, { "name": "CVE-2024-24784", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784" }, { "name": "CVE-2023-52607", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52607" }, { "name": "CVE-2018-25091", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25091" }, { "name": "CVE-2023-6931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6931" } ], "initial_release_date": "2024-08-02T00:00:00", "last_revision_date": "2024-08-02T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0646", "revisions": [ { "description": "Version initiale", "revision_date": "2024-08-02T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-07-29", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161679", "url": "https://www.ibm.com/support/pages/node/7161679" }, { "published_at": "2024-07-26", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161667", "url": "https://www.ibm.com/support/pages/node/7161667" }, { "published_at": "2024-07-30", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161954", "url": "https://www.ibm.com/support/pages/node/7161954" }, { "published_at": "2024-07-30", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7162032", "url": "https://www.ibm.com/support/pages/node/7162032" }, { "published_at": "2024-07-12", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160144", "url": "https://www.ibm.com/support/pages/node/7160144" }, { "published_at": "2024-07-31", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7162077", "url": "https://www.ibm.com/support/pages/node/7162077" } ] }
CERTFR-2024-AVI-0692
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | QRadar | Security QRadar EDR versions 3.12.x antérieures à 3.12.10 | ||
IBM | WebSphere | IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions antérieures à 8 Service Refresh 8 FP30 | ||
IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.2.x à 7.5.x antérieures à 7.5.3 | ||
IBM | Db2 | Db2 versions 11.5.x sans le dernier correctif de sécurité | ||
IBM | AIX | AIX version 7.3 avec un version de Python 3.9 antérieure à 3.9.19.2 | ||
IBM | QRadar SIEM | QRadar Suite versions 1.10.x antérieures à 1.10.24.0 | ||
IBM | VIOS | VIOS version 4.1 avec un version de Python 3.9 antérieure à 3.9.19.2 | ||
IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x antérieures à 8.5.5.11 ou sans le correctif de sécurité temporaire PH62458 | ||
IBM | Sterling Connect:Direct | Sterling Control Center versions 6.2.x antérieures à 6.2.1.0 GA iFix13 | ||
IBM | Sterling Connect:Direct | Sterling Control Center versions 6.3.x antérieures à 6.3.1.0 GA iFix02 | ||
IBM | Cognos Analytics | Cognos Dashboards on Cloud Pak for Data versions antérieures à 5.0.0 |
Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.10", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Application Server version 9.0 avec Java Technology Edition versions ant\u00e9rieures \u00e0 8 Service Refresh 8 FP30", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 Big SQL on Cloud Pak for Data versions 7.2.x \u00e0 7.5.x ant\u00e9rieures \u00e0 7.5.3", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 versions 11.5.x sans le dernier correctif de s\u00e9curit\u00e9 ", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.3 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Suite versions 1.10.x ant\u00e9rieures \u00e0 1.10.24.0", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 4.1 avec un version de Python 3.9 ant\u00e9rieure \u00e0 3.9.19.2", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.11 ou sans le correctif de s\u00e9curit\u00e9 temporaire PH62458", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.2.x ant\u00e9rieures \u00e0 6.2.1.0 GA iFix13", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Control Center versions 6.3.x ant\u00e9rieures \u00e0 6.3.1.0 GA iFix02", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0.0", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "name": "CVE-2024-37891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891" }, { "name": "CVE-2024-21144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144" }, { "name": "CVE-2023-23613", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23613" }, { "name": "CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2024-39008", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39008" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-22353", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353" }, { "name": "CVE-2023-29256", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256" }, { "name": "CVE-2024-21890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890" }, { "name": "CVE-2024-21896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896" }, { "name": "CVE-2023-30431", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431" }, { "name": "CVE-2023-32067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067" }, { "name": "CVE-2024-25024", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25024" }, { "name": "CVE-2024-22361", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361" }, { "name": "CVE-2024-22025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-35012", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-30443", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2023-27869", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2023-25193", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193" }, { "name": "CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "name": "CVE-2023-30446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2023-46809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46809" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": "CVE-2024-25629", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629" }, { "name": "CVE-2023-27868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-37168", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37168" }, { "name": "CVE-2024-28176", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2022-41917", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41917" }, { "name": "CVE-2024-22019", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22019" }, { "name": "CVE-2024-22233", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22233" }, { "name": "CVE-2023-30445", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445" }, { "name": "CVE-2023-30447", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447" }, { "name": "CVE-2024-21634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634" }, { "name": "CVE-2023-30442", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442" }, { "name": "CVE-2024-27983", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983" }, { "name": "CVE-2024-30261", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30261" }, { "name": "CVE-2023-27867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" }, { "name": "CVE-2024-21892", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21892" }, { "name": "CVE-2024-21147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147" }, { "name": "CVE-2024-27982", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982" }, { "name": "CVE-2024-21140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140" }, { "name": "CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2023-30448", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448" }, { "name": "CVE-2024-25062", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2023-27558", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558" }, { "name": "CVE-2024-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890" }, { "name": "CVE-2023-30449", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449" }, { "name": "CVE-2023-2004", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2004" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2022-36046", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36046" }, { "name": "CVE-2024-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2024-20932", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932" }, { "name": "CVE-2024-30260", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30260" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2024-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2023-23487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2024-34064", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064" }, { "name": "CVE-2023-31130", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-28799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28799" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2024-27267", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267" }, { "name": "CVE-2024-28182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2023-23612", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23612" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" } ], "initial_release_date": "2024-08-16T00:00:00", "last_revision_date": "2024-08-16T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0692", "revisions": [ { "description": "Version initiale", "revision_date": "2024-08-16T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-08-11", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165247", "url": "https://www.ibm.com/support/pages/node/7165247" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165360", "url": "https://www.ibm.com/support/pages/node/7165360" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165340", "url": "https://www.ibm.com/support/pages/node/7165340" }, { "published_at": "2024-08-12", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165344", "url": "https://www.ibm.com/support/pages/node/7165344" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165423", "url": "https://www.ibm.com/support/pages/node/7165423" }, { "published_at": "2024-08-12", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165284", "url": "https://www.ibm.com/support/pages/node/7165284" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165362", "url": "https://www.ibm.com/support/pages/node/7165362" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165364", "url": "https://www.ibm.com/support/pages/node/7165364" }, { "published_at": "2024-08-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165363", "url": "https://www.ibm.com/support/pages/node/7165363" }, { "published_at": "2024-08-14", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165488", "url": "https://www.ibm.com/support/pages/node/7165488" }, { "published_at": "2024-08-16", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7165685", "url": "https://www.ibm.com/support/pages/node/7165685" } ] }
CERTFR-2025-AVI-0106
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Cognos Analytics | Cognos Analytics versions 12.x antérieures à 12.0.4 IF2 | ||
IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.15 | ||
IBM | Db2 | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 à 4.8 antérieures à v4.8.8 | ||
IBM | Security QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 |
Title | Publication Time | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.4 IF2", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.15", "product": { "name": "Security QRadar EDR", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 \u00e0 4.8 ant\u00e9rieures \u00e0 v4.8.8", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11", "product": { "name": "Security QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2023-29483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483" }, { "name": "CVE-2023-7104", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104" }, { "name": "CVE-2020-21469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-21469" }, { "name": "CVE-2024-45020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45020" }, { "name": "CVE-2024-46826", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46826" }, { "name": "CVE-2024-42070", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42070" }, { "name": "CVE-2023-51714", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51714" }, { "name": "CVE-2021-47366", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47366" }, { "name": "CVE-2024-41093", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41093" }, { "name": "CVE-2021-21409", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409" }, { "name": "CVE-2024-36361", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36361" }, { "name": "CVE-2024-35939", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35939" }, { "name": "CVE-2024-41009", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41009" }, { "name": "CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "name": "CVE-2019-9641", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9641" }, { "name": "CVE-2022-21426", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426" }, { "name": "CVE-2024-39503", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39503" }, { "name": "CVE-2024-50268", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50268" }, { "name": "CVE-2024-42292", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42292" }, { "name": "CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "name": "CVE-2016-2193", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2193" }, { "name": "CVE-2024-42284", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284" }, { "name": "CVE-2024-43788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788" }, { "name": "CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "name": "CVE-2024-26961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26961" }, { "name": "CVE-2024-38608", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38608" }, { "name": "CVE-2024-50275", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50275" }, { "name": "CVE-2024-49352", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49352" }, { "name": "CVE-2023-37920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920" }, { "name": "CVE-2024-40924", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40924" }, { "name": "CVE-2024-22353", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353" }, { "name": "CVE-2020-20703", "url": "https://www.cve.org/CVERecord?id=CVE-2020-20703" }, { "name": "CVE-2024-50125", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50125" }, { "name": "CVE-2022-48968", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48968" }, { "name": "CVE-2024-47715", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47715" }, { "name": "CVE-2024-26976", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26976" }, { "name": "CVE-2024-56326", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326" }, { "name": "CVE-2024-50267", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50267" }, { "name": "CVE-2019-9638", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9638" }, { "name": "CVE-2022-49016", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49016" }, { "name": "CVE-2023-52492", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52492" }, { "name": "CVE-2023-5868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868" }, { "name": "CVE-2019-9639", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9639" }, { "name": "CVE-2023-28154", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28154" }, { "name": "CVE-2024-27062", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27062" }, { "name": "CVE-2024-35839", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35839" }, { "name": "CVE-2024-49977", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49977" }, { "name": "CVE-2024-43889", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43889" }, { "name": "CVE-2019-20444", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2024-46820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46820" }, { "name": "CVE-2024-45018", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45018" }, { "name": "CVE-2024-33883", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883" }, { "name": "CVE-2024-43880", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43880" }, { "name": "CVE-2024-26615", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615" }, { "name": "CVE-2024-50130", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50130" }, { "name": "CVE-2024-4317", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4317" }, { "name": "CVE-2024-25026", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026" }, { "name": "CVE-2024-38586", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38586" }, { "name": "CVE-2024-53047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53047" }, { "name": "CVE-2024-31141", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31141" }, { "name": "CVE-2023-5870", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870" }, { "name": "CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "name": "CVE-2024-45769", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45769" }, { "name": "CVE-2024-10977", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977" }, { "name": "CVE-2024-27017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27017" }, { "name": "CVE-2018-20506", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20506" }, { "name": "CVE-2018-20346", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20346" }, { "name": "CVE-2024-46845", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46845" }, { "name": "CVE-2024-40983", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40983" }, { "name": "CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "name": "CVE-2023-5869", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869" }, { "name": "CVE-2022-49003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49003" }, { "name": "CVE-2024-42079", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42079" }, { "name": "CVE-2024-35898", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35898" }, { "name": "CVE-2024-43854", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43854" }, { "name": "CVE-2024-44935", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44935" }, { "name": "CVE-2024-50124", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50124" }, { "name": "CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "name": "CVE-2024-49875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49875" }, { "name": "CVE-2019-9020", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9020" }, { "name": "CVE-2024-41066", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41066" }, { "name": "CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "name": "CVE-2019-9023", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9023" }, { "name": "CVE-2024-7348", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7348" }, { "name": "CVE-2024-42244", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42244" }, { "name": "CVE-2024-10976", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976" }, { "name": "CVE-2024-41942", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41942" }, { "name": "CVE-2021-21295", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295" }, { "name": "CVE-2024-45770", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45770" }, { "name": "CVE-2024-26851", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26851" }, { "name": "CVE-2022-48773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48773" }, { "name": "CVE-2019-12900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900" }, { "name": "CVE-2024-50282", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50282" }, { "name": "CVE-2024-24857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24857" }, { "name": "CVE-2024-49866", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49866" }, { "name": "CVE-2024-49949", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49949" }, { "name": "CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "name": "CVE-2024-56201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201" }, { "name": "CVE-2024-41092", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41092" }, { "name": "CVE-2024-5569", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569" }, { "name": "CVE-2024-29736", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29736" }, { "name": "CVE-2019-9021", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9021" }, { "name": "CVE-2024-27268", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268" }, { "name": "CVE-2024-47535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535" }, { "name": "CVE-2022-21434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434" }, { "name": "CVE-2024-41042", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41042" }, { "name": "CVE-2023-2454", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454" }, { "name": "CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "name": "CVE-2024-10041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041" }, { "name": "CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "name": "CVE-2024-43892", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43892" }, { "name": "CVE-2024-50252", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50252" }, { "name": "CVE-2024-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890" }, { "name": "CVE-2024-47668", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47668" }, { "name": "CVE-2017-15010", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15010" }, { "name": "CVE-2023-52921", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52921" }, { "name": "CVE-2024-53677", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53677" }, { "name": "CVE-2024-10978", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978" }, { "name": "CVE-2024-53140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53140" }, { "name": "CVE-2024-50602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602" }, { "name": "CVE-2023-2455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455" }, { "name": "CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "name": "CVE-2019-20478", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20478" }, { "name": "CVE-2024-0985", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985" }, { "name": "CVE-2024-38541", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541" }, { "name": "CVE-2024-40984", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40984" }, { "name": "CVE-2023-52922", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922" }, { "name": "CVE-2024-50274", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50274" }, { "name": "CVE-2024-38540", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540" }, { "name": "CVE-2021-21290", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290" }, { "name": "CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "name": "CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "name": "CVE-2024-53064", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53064" }, { "name": "CVE-2023-50314", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314" }, { "name": "CVE-2023-52917", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52917" }, { "name": "CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "name": "CVE-2024-44990", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44990" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2024-42301", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42301" }, { "name": "CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "name": "CVE-2024-22354", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354" }, { "name": "CVE-2024-50279", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50279" }, { "name": "CVE-2022-21476", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21476" }, { "name": "CVE-2019-16869", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869" }, { "name": "CVE-2022-23491", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491" }, { "name": "CVE-2022-21541", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21541" }, { "name": "CVE-2024-26924", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26924" }, { "name": "CVE-2022-21540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21540" }, { "name": "CVE-2024-44989", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44989" }, { "name": "CVE-2018-20505", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20505" }, { "name": "CVE-2024-32007", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32007" }, { "name": "CVE-2024-10979", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979" }, { "name": "CVE-2019-20445", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445" }, { "name": "CVE-2024-40961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961" } ], "initial_release_date": "2025-02-07T00:00:00", "last_revision_date": "2025-02-07T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0106", "revisions": [ { "description": "Version initiale", "revision_date": "2025-02-07T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-02-04", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182424", "url": "https://www.ibm.com/support/pages/node/7182424" }, { "published_at": "2025-02-03", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182335", "url": "https://www.ibm.com/support/pages/node/7182335" }, { "published_at": "2025-02-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7181898", "url": "https://www.ibm.com/support/pages/node/7181898" }, { "published_at": "2025-02-04", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7181480", "url": "https://www.ibm.com/support/pages/node/7181480" }, { "published_at": "2025-02-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182696", "url": "https://www.ibm.com/support/pages/node/7182696" } ] }
CERTFR-2024-AVI-0630
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Title | Publication Time | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.14", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.0", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Network Packet Capture versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 Update Package 8", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2023-40217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217" }, { "name": "CVE-2018-3721", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721" }, { "name": "CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "name": "CVE-2024-28834", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834" }, { "name": "CVE-2021-23364", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23364" }, { "name": "CVE-2023-51385", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385" }, { "name": "CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "name": "CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2024-33602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602" }, { "name": "CVE-2023-3817", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817" }, { "name": "CVE-2021-23436", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23436" }, { "name": "CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "name": "CVE-2023-36632", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "name": "CVE-2023-45133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133" }, { "name": "CVE-2024-33600", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600" }, { "name": "CVE-2023-4813", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": "CVE-2016-10540", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10540" }, { "name": "CVE-2020-28477", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28477" }, { "name": "CVE-2023-5981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981" }, { "name": "CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "name": "CVE-2022-43441", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43441" }, { "name": "CVE-2021-43138", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2023-0842", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0842" }, { "name": "CVE-2024-27983", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983" }, { "name": "CVE-2022-37601", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601" }, { "name": "CVE-2024-27982", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982" }, { "name": "CVE-2023-3341", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341" }, { "name": "CVE-2023-5156", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156" }, { "name": "CVE-2024-0553", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553" }, { "name": "CVE-2023-3609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3609" }, { "name": "CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "name": "CVE-2024-33601", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601" }, { "name": "CVE-2024-27088", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27088" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "name": "CVE-2021-24033", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24033" }, { "name": "CVE-2024-28863", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863" }, { "name": "CVE-2024-31905", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31905" }, { "name": "CVE-2023-4806", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806" }, { "name": "CVE-2018-16487", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16487" }, { "name": "CVE-2021-42740", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42740" }, { "name": "CVE-2016-10538", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10538" }, { "name": "CVE-2023-35001", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001" }, { "name": "CVE-2024-28835", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28835" }, { "name": "CVE-2023-32233", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2023-39615", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615" }, { "name": "CVE-2023-3446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446" }, { "name": "CVE-2023-0361", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0361" }, { "name": "CVE-2023-5678", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2024-0567", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0567" }, { "name": "CVE-2021-3757", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3757" } ], "initial_release_date": "2024-07-26T00:00:00", "last_revision_date": "2024-07-26T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0630", "revisions": [ { "description": "Version initiale", "revision_date": "2024-07-26T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar", "vendor_advisories": [ { "published_at": "2024-07-24", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161462", "url": "https://www.ibm.com/support/pages/node/7161462" }, { "published_at": "2024-07-23", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160961", "url": "https://www.ibm.com/support/pages/node/7160961" }, { "published_at": "2024-07-22", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160858", "url": "https://www.ibm.com/support/pages/node/7160858" } ] }
NCSC-2024-0333
Vulnerability from csaf_ncscnl
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "SAP heeft kwetsbaarheden verholpen in diverse producten als SAP Business Objects, SAP HANA, Netweaver en Document Builder.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Server Side Request Forgery (SSRF)\n- Cross-Site Scripting (XSS)\n- Omzeilen van authenticatie\n- Omzeilen van beveiligingsmaatregel\n- Manipulatie van gegevens\n- Toegang tot gevoelige gegevens", "title": "Interpretaties" }, { "category": "description", "text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen in de kwetsbare producten. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "Incorrect Type Conversion or Cast", "title": "CWE-704" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "title": "CWE-835" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "XML Injection (aka Blind XPath Injection)", "title": "CWE-91" }, { "category": "general", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - certbundde", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html" } ], "title": "Kwetsbaarheden verholpen in SAP producten", "tracking": { "current_release_date": "2024-08-13T13:47:02.764070Z", "id": "NCSC-2024-0333", "initial_release_date": "2024-08-13T13:47:02.764070Z", "revision_history": [ { "date": "2024-08-13T13:47:02.764070Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614277", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-b_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614276", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-e_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614279", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-s_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614278", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-ibc_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614280", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:biwebapp_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1464457", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1464458", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:440:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1475737", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1614275", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:enterprise_430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_backoffice", "product": { "name": "sap_commerce_backoffice", "product_id": "CSAFPID-1614262", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_backoffice:hy_com_2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614269", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:1811:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614270", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:1905:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614271", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2005:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614273", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2011:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614272", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614274", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1548429", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:com_cloud_2211:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614268", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:hy_com_1808:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce", "product": { "name": "sap_commerce", "product_id": "CSAFPID-1495976", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce:com_cloud_2211:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce", "product": { "name": "sap_commerce", "product_id": "CSAFPID-1495975", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce:hy_com_2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614238", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614239", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614240", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:712:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614241", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:713:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614242", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:714:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614237", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:bbpcrm_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1475725", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_102:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614203", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_103:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614204", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_104:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614205", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614206", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_106:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614207", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_107:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614208", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_108:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1475732", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614209", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614210", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614211", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614212", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614255", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614256", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614260", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.54:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614257", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.77:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614258", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.85:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614259", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.89:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614261", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.93:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614243", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64nuc_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614244", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64nuc_7.22ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614245", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614246", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.22ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614247", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614251", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.22_ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614248", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614253", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.54:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614249", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.77:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614250", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.85:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614252", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.89:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614254", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.93:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465636", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614223", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614224", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465639", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465640", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_740:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465641", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_750:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465642", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_751:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465643", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_752:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465644", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_753:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465645", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_754:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465646", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_755:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465647", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_756:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465648", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_757:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614225", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_758:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614226", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_912:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1559117", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:755:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1559118", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:756:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614230", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:757:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614231", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:758:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614232", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614233", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614234", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614235", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614236", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614229", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_ui_754:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_permit_to_work", "product": { "name": "sap_permit_to_work", "product_id": "CSAFPID-1614228", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_permit_to_work:900:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_permit_to_work", "product": { "name": "sap_permit_to_work", "product_id": "CSAFPID-1614227", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_permit_to_work:uis4hop1_800:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614264", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614265", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614266", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614267", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614263", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614213", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:617:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614214", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:618:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614215", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:802:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614216", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:803:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614217", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:804:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614218", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:805:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614219", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:806:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614220", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:807:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614221", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:808:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "sap_se" }, { "branches": [ { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-55201", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-55202", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-955724", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:440:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "commerce_backoffice", "product": { "name": "commerce_backoffice", "product_id": "CSAFPID-1614815", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:commerce_backoffice:2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1611687", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614517", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614513", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614515", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614521", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614522", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614520", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1611685", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614518", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614519", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614516", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614514", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap", "product": { "name": "sap", "product_id": "CSAFPID-1498297", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:sap:-:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1614510", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475930", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475932", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475933", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475927", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475931", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475928", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475934", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475929", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "sap" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "notes": [ { "category": "other", "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "title": "CWE-835" } ], "references": [ { "category": "self", "summary": "CVE-2022-0778", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0778.json" } ], "title": "CVE-2022-0778" }, { "cve": "CVE-2023-0215", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" } ], "references": [ { "category": "self", "summary": "CVE-2023-0215", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0215.json" } ], "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-704", "name": "Incorrect Type Conversion or Cast" }, "notes": [ { "category": "other", "text": "Incorrect Type Conversion or Cast", "title": "CWE-704" }, { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "references": [ { "category": "self", "summary": "CVE-2023-0286", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0286.json" } ], "title": "CVE-2023-0286" }, { "cve": "CVE-2023-30533", "references": [ { "category": "self", "summary": "CVE-2023-30533", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30533.json" } ], "title": "CVE-2023-30533" }, { "cve": "CVE-2024-28166", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-28166", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28166.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-28166" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "references": [ { "category": "self", "summary": "CVE-2024-29415", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29415.json" } ], "title": "CVE-2024-29415" }, { "cve": "CVE-2024-33003", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1614268", "CSAFPID-1614269", "CSAFPID-1614270", "CSAFPID-1614271", "CSAFPID-1614272", "CSAFPID-1614273", "CSAFPID-1614274", "CSAFPID-1548429", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-33003", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33003.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614268", "CSAFPID-1614269", "CSAFPID-1614270", "CSAFPID-1614271", "CSAFPID-1614272", "CSAFPID-1614273", "CSAFPID-1614274", "CSAFPID-1548429", "CSAFPID-1498297" ] } ], "title": "CVE-2024-33003" }, { "cve": "CVE-2024-33005", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614243", "CSAFPID-1614244", "CSAFPID-1614245", "CSAFPID-1614246", "CSAFPID-1614247", "CSAFPID-1614248", "CSAFPID-1614249", "CSAFPID-1614250", "CSAFPID-1614251", "CSAFPID-1614252", "CSAFPID-1614253", "CSAFPID-1614254", "CSAFPID-1614255", "CSAFPID-1614256", "CSAFPID-1614257", "CSAFPID-1614258", "CSAFPID-1614259", "CSAFPID-1614260", "CSAFPID-1614261", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-33005", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33005.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614243", "CSAFPID-1614244", "CSAFPID-1614245", "CSAFPID-1614246", "CSAFPID-1614247", "CSAFPID-1614248", "CSAFPID-1614249", "CSAFPID-1614250", "CSAFPID-1614251", "CSAFPID-1614252", "CSAFPID-1614253", "CSAFPID-1614254", "CSAFPID-1614255", "CSAFPID-1614256", "CSAFPID-1614257", "CSAFPID-1614258", "CSAFPID-1614259", "CSAFPID-1614260", "CSAFPID-1614261", "CSAFPID-1498297" ] } ], "title": "CVE-2024-33005" }, { "cve": "CVE-2024-39591", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1475725", "CSAFPID-1614203", "CSAFPID-1614204", "CSAFPID-1614205", "CSAFPID-1614206", "CSAFPID-1614207", "CSAFPID-1614208", "CSAFPID-1475732", "CSAFPID-1614209", "CSAFPID-1614210", "CSAFPID-1614211", "CSAFPID-1614212", "CSAFPID-1611687", "CSAFPID-1611685", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-39591", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39591.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1475725", "CSAFPID-1614203", "CSAFPID-1614204", "CSAFPID-1614205", "CSAFPID-1614206", "CSAFPID-1614207", "CSAFPID-1614208", "CSAFPID-1475732", "CSAFPID-1614209", "CSAFPID-1614210", "CSAFPID-1614211", "CSAFPID-1614212", "CSAFPID-1611687", "CSAFPID-1611685", "CSAFPID-1498297" ] } ], "title": "CVE-2024-39591" }, { "cve": "CVE-2024-41730", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614275", "CSAFPID-1464458", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41730", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41730.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614275", "CSAFPID-1464458", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41730" }, { "cve": "CVE-2024-41731", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41731", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41731.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41731" }, { "cve": "CVE-2024-41732", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" } ], "product_status": { "known_affected": [ "CSAFPID-1614229", "CSAFPID-1559117", "CSAFPID-1559118", "CSAFPID-1614230", "CSAFPID-1614231", "CSAFPID-1614232", "CSAFPID-1614233", "CSAFPID-1614234", "CSAFPID-1614235", "CSAFPID-1614236", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41732", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41732.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614229", "CSAFPID-1559117", "CSAFPID-1559118", "CSAFPID-1614230", "CSAFPID-1614231", "CSAFPID-1614232", "CSAFPID-1614233", "CSAFPID-1614234", "CSAFPID-1614235", "CSAFPID-1614236", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41732" }, { "cve": "CVE-2024-41733", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1495975", "CSAFPID-1495976", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41733", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41733.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1495975", "CSAFPID-1495976", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41733" }, { "cve": "CVE-2024-41734", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1465636", "CSAFPID-1614223", "CSAFPID-1614224", "CSAFPID-1465639", "CSAFPID-1465640", "CSAFPID-1465641", "CSAFPID-1465642", "CSAFPID-1465643", "CSAFPID-1465644", "CSAFPID-1465645", "CSAFPID-1465646", "CSAFPID-1465647", "CSAFPID-1465648", "CSAFPID-1614225", "CSAFPID-1614226", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41734", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41734.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1465636", "CSAFPID-1614223", "CSAFPID-1614224", "CSAFPID-1465639", "CSAFPID-1465640", "CSAFPID-1465641", "CSAFPID-1465642", "CSAFPID-1465643", "CSAFPID-1465644", "CSAFPID-1465645", "CSAFPID-1465646", "CSAFPID-1465647", "CSAFPID-1465648", "CSAFPID-1614225", "CSAFPID-1614226", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41734" }, { "cve": "CVE-2024-41735", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" } ], "product_status": { "known_affected": [ "CSAFPID-1614262", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41735", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41735.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614262", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41735" }, { "cve": "CVE-2024-41736", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1614227", "CSAFPID-1614228", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41736", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41736.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614227", "CSAFPID-1614228", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41736" }, { "cve": "CVE-2024-41737", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "product_status": { "known_affected": [ "CSAFPID-1614237", "CSAFPID-1614238", "CSAFPID-1614239", "CSAFPID-1614240", "CSAFPID-1614241", "CSAFPID-1614242", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41737", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41737.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614237", "CSAFPID-1614238", "CSAFPID-1614239", "CSAFPID-1614240", "CSAFPID-1614241", "CSAFPID-1614242", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41737" }, { "cve": "CVE-2024-42373", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614213", "CSAFPID-1614214", "CSAFPID-1614215", "CSAFPID-1614216", "CSAFPID-1614217", "CSAFPID-1614218", "CSAFPID-1614219", "CSAFPID-1614220", "CSAFPID-1614221", "CSAFPID-1475927", "CSAFPID-1475928", "CSAFPID-1475929", "CSAFPID-1475930", "CSAFPID-1475931", "CSAFPID-1475932", "CSAFPID-1475933", "CSAFPID-1475934", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42373", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42373.json" } ], "title": "CVE-2024-42373" }, { "cve": "CVE-2024-42374", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "notes": [ { "category": "other", "text": "XML Injection (aka Blind XPath Injection)", "title": "CWE-91" } ], "product_status": { "known_affected": [ "CSAFPID-1614276", "CSAFPID-1614277", "CSAFPID-1614278", "CSAFPID-1614279", "CSAFPID-1614280", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42374", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42374.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614276", "CSAFPID-1614277", "CSAFPID-1614278", "CSAFPID-1614279", "CSAFPID-1614280", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42374" }, { "cve": "CVE-2024-42375", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42375", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42375.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42375" }, { "cve": "CVE-2024-42376", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614263", "CSAFPID-1614264", "CSAFPID-1614265", "CSAFPID-1614266", "CSAFPID-1614267", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42376", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42376.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614263", "CSAFPID-1614264", "CSAFPID-1614265", "CSAFPID-1614266", "CSAFPID-1614267", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42376" } ] }
ncsc-2024-0333
Vulnerability from csaf_ncscnl
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "SAP heeft kwetsbaarheden verholpen in diverse producten als SAP Business Objects, SAP HANA, Netweaver en Document Builder.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Server Side Request Forgery (SSRF)\n- Cross-Site Scripting (XSS)\n- Omzeilen van authenticatie\n- Omzeilen van beveiligingsmaatregel\n- Manipulatie van gegevens\n- Toegang tot gevoelige gegevens", "title": "Interpretaties" }, { "category": "description", "text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen in de kwetsbare producten. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "Incorrect Type Conversion or Cast", "title": "CWE-704" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "title": "CWE-835" }, { "category": "general", "text": "Missing Authorization", "title": "CWE-862" }, { "category": "general", "text": "XML Injection (aka Blind XPath Injection)", "title": "CWE-91" }, { "category": "general", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - certbundde", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html" } ], "title": "Kwetsbaarheden verholpen in SAP producten", "tracking": { "current_release_date": "2024-08-13T13:47:02.764070Z", "id": "NCSC-2024-0333", "initial_release_date": "2024-08-13T13:47:02.764070Z", "revision_history": [ { "date": "2024-08-13T13:47:02.764070Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614277", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-b_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614276", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-e_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614279", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-base-s_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614278", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:bi-ibc_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_bex_web_java_runtime_export_web_service", "product": { "name": "sap_bex_web_java_runtime_export_web_service", "product_id": "CSAFPID-1614280", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_bex_web_java_runtime_export_web_service:biwebapp_7.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1464457", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1464458", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:440:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1475737", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_businessobjects_business_intelligence_platform", "product": { "name": "sap_businessobjects_business_intelligence_platform", "product_id": "CSAFPID-1614275", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:enterprise_430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_backoffice", "product": { "name": "sap_commerce_backoffice", "product_id": "CSAFPID-1614262", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_backoffice:hy_com_2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614269", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:1811:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614270", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:1905:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614271", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2005:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614273", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2011:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614272", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614274", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1548429", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:com_cloud_2211:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce_cloud", "product": { "name": "sap_commerce_cloud", "product_id": "CSAFPID-1614268", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce_cloud:hy_com_1808:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce", "product": { "name": "sap_commerce", "product_id": "CSAFPID-1495976", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce:com_cloud_2211:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_commerce", "product": { "name": "sap_commerce", "product_id": "CSAFPID-1495975", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_commerce:hy_com_2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614238", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614239", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614240", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:712:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614241", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:713:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614242", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:714:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_crm_abap__insights_management_", "product": { "name": "sap_crm_abap__insights_management_", "product_id": "CSAFPID-1614237", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_crm_abap__insights_management_:bbpcrm_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1475725", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_102:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614203", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_103:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614204", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_104:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614205", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614206", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_106:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614207", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_107:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614208", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:s4fnd_108:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1475732", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614209", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614210", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614211", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_document_builder", "product": { "name": "sap_document_builder", "product_id": "CSAFPID-1614212", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614255", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614256", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614260", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.54:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614257", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.77:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614258", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.85:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614259", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.89:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614261", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:kernel_7.93:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614243", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64nuc_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614244", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64nuc_7.22ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614245", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614246", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.22ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614247", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:krnl64uc_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614251", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.22_ext:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614248", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.53:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614253", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.54:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614249", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.77:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614250", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.85:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614252", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.89:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product": { "name": "sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server", "product_id": "CSAFPID-1614254", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server__abap_and_java__sap_web_dispatcher_and_sap_content_server:webdisp_7.93:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465636", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614223", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614224", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465639", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465640", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_740:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465641", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_750:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465642", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_751:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465643", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_752:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465644", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_753:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465645", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_754:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465646", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_755:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465647", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_756:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1465648", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_757:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614225", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_758:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap_and_abap_platform", "product": { "name": "sap_netweaver_application_server_abap_and_abap_platform", "product_id": "CSAFPID-1614226", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap_and_abap_platform:sap_basis_912:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1559117", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:755:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1559118", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:756:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614230", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:757:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614231", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:758:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614232", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614233", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614234", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614235", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614236", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_netweaver_application_server_abap", "product": { "name": "sap_netweaver_application_server_abap", "product_id": "CSAFPID-1614229", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_abap:sap_ui_754:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_permit_to_work", "product": { "name": "sap_permit_to_work", "product_id": "CSAFPID-1614228", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_permit_to_work:900:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_permit_to_work", "product": { "name": "sap_permit_to_work", "product_id": "CSAFPID-1614227", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_permit_to_work:uis4hop1_800:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614264", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614265", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614266", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614267", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_shared_service_framework", "product": { "name": "sap_shared_service_framework", "product_id": "CSAFPID-1614263", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_shared_service_framework:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614213", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:617:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614214", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:618:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614215", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:802:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614216", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:803:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614217", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:804:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614218", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:805:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614219", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:806:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614220", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:807:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap_student_life_cycle_management__slcm_", "product": { "name": "sap_student_life_cycle_management__slcm_", "product_id": "CSAFPID-1614221", "product_identification_helper": { "cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:808:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "sap_se" }, { "branches": [ { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-55201", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-55202", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "businessobjects_business_intelligence_platform", "product": { "name": "businessobjects_business_intelligence_platform", "product_id": "CSAFPID-955724", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:440:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "commerce_backoffice", "product": { "name": "commerce_backoffice", "product_id": "CSAFPID-1614815", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:commerce_backoffice:2205:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1611687", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_102:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614517", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_103:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614513", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_104:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614515", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_105:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614521", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_106:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614522", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_107:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614520", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:s4fnd_108:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1611685", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_702:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614518", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_731:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614519", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_746:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614516", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_747:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "document_builder", "product": { "name": "document_builder", "product_id": "CSAFPID-1614514", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:document_builder:sap_bs_fnd_748:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "sap", "product": { "name": "sap", "product_id": "CSAFPID-1498297", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:sap:-:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1614510", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475930", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475932", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475933", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475927", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475931", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475928", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475934", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "student_life_cycle_management", "product": { "name": "student_life_cycle_management", "product_id": "CSAFPID-1475929", "product_identification_helper": { "cpe": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "sap" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "notes": [ { "category": "other", "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "title": "CWE-835" } ], "references": [ { "category": "self", "summary": "CVE-2022-0778", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-0778.json" } ], "title": "CVE-2022-0778" }, { "cve": "CVE-2023-0215", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" } ], "references": [ { "category": "self", "summary": "CVE-2023-0215", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0215.json" } ], "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-704", "name": "Incorrect Type Conversion or Cast" }, "notes": [ { "category": "other", "text": "Incorrect Type Conversion or Cast", "title": "CWE-704" }, { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "references": [ { "category": "self", "summary": "CVE-2023-0286", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-0286.json" } ], "title": "CVE-2023-0286" }, { "cve": "CVE-2023-30533", "references": [ { "category": "self", "summary": "CVE-2023-30533", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30533.json" } ], "title": "CVE-2023-30533" }, { "cve": "CVE-2024-28166", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-28166", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28166.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-28166" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "references": [ { "category": "self", "summary": "CVE-2024-29415", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29415.json" } ], "title": "CVE-2024-29415" }, { "cve": "CVE-2024-33003", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1614268", "CSAFPID-1614269", "CSAFPID-1614270", "CSAFPID-1614271", "CSAFPID-1614272", "CSAFPID-1614273", "CSAFPID-1614274", "CSAFPID-1548429", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-33003", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33003.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614268", "CSAFPID-1614269", "CSAFPID-1614270", "CSAFPID-1614271", "CSAFPID-1614272", "CSAFPID-1614273", "CSAFPID-1614274", "CSAFPID-1548429", "CSAFPID-1498297" ] } ], "title": "CVE-2024-33003" }, { "cve": "CVE-2024-33005", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614243", "CSAFPID-1614244", "CSAFPID-1614245", "CSAFPID-1614246", "CSAFPID-1614247", "CSAFPID-1614248", "CSAFPID-1614249", "CSAFPID-1614250", "CSAFPID-1614251", "CSAFPID-1614252", "CSAFPID-1614253", "CSAFPID-1614254", "CSAFPID-1614255", "CSAFPID-1614256", "CSAFPID-1614257", "CSAFPID-1614258", "CSAFPID-1614259", "CSAFPID-1614260", "CSAFPID-1614261", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-33005", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33005.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614243", "CSAFPID-1614244", "CSAFPID-1614245", "CSAFPID-1614246", "CSAFPID-1614247", "CSAFPID-1614248", "CSAFPID-1614249", "CSAFPID-1614250", "CSAFPID-1614251", "CSAFPID-1614252", "CSAFPID-1614253", "CSAFPID-1614254", "CSAFPID-1614255", "CSAFPID-1614256", "CSAFPID-1614257", "CSAFPID-1614258", "CSAFPID-1614259", "CSAFPID-1614260", "CSAFPID-1614261", "CSAFPID-1498297" ] } ], "title": "CVE-2024-33005" }, { "cve": "CVE-2024-39591", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1475725", "CSAFPID-1614203", "CSAFPID-1614204", "CSAFPID-1614205", "CSAFPID-1614206", "CSAFPID-1614207", "CSAFPID-1614208", "CSAFPID-1475732", "CSAFPID-1614209", "CSAFPID-1614210", "CSAFPID-1614211", "CSAFPID-1614212", "CSAFPID-1611687", "CSAFPID-1611685", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-39591", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39591.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1475725", "CSAFPID-1614203", "CSAFPID-1614204", "CSAFPID-1614205", "CSAFPID-1614206", "CSAFPID-1614207", "CSAFPID-1614208", "CSAFPID-1475732", "CSAFPID-1614209", "CSAFPID-1614210", "CSAFPID-1614211", "CSAFPID-1614212", "CSAFPID-1611687", "CSAFPID-1611685", "CSAFPID-1498297" ] } ], "title": "CVE-2024-39591" }, { "cve": "CVE-2024-41730", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614275", "CSAFPID-1464458", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41730", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41730.json" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614275", "CSAFPID-1464458", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41730" }, { "cve": "CVE-2024-41731", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41731", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41731.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41731" }, { "cve": "CVE-2024-41732", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" } ], "product_status": { "known_affected": [ "CSAFPID-1614229", "CSAFPID-1559117", "CSAFPID-1559118", "CSAFPID-1614230", "CSAFPID-1614231", "CSAFPID-1614232", "CSAFPID-1614233", "CSAFPID-1614234", "CSAFPID-1614235", "CSAFPID-1614236", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41732", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41732.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614229", "CSAFPID-1559117", "CSAFPID-1559118", "CSAFPID-1614230", "CSAFPID-1614231", "CSAFPID-1614232", "CSAFPID-1614233", "CSAFPID-1614234", "CSAFPID-1614235", "CSAFPID-1614236", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41732" }, { "cve": "CVE-2024-41733", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1495975", "CSAFPID-1495976", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41733", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41733.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1495975", "CSAFPID-1495976", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41733" }, { "cve": "CVE-2024-41734", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1465636", "CSAFPID-1614223", "CSAFPID-1614224", "CSAFPID-1465639", "CSAFPID-1465640", "CSAFPID-1465641", "CSAFPID-1465642", "CSAFPID-1465643", "CSAFPID-1465644", "CSAFPID-1465645", "CSAFPID-1465646", "CSAFPID-1465647", "CSAFPID-1465648", "CSAFPID-1614225", "CSAFPID-1614226", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41734", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41734.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1465636", "CSAFPID-1614223", "CSAFPID-1614224", "CSAFPID-1465639", "CSAFPID-1465640", "CSAFPID-1465641", "CSAFPID-1465642", "CSAFPID-1465643", "CSAFPID-1465644", "CSAFPID-1465645", "CSAFPID-1465646", "CSAFPID-1465647", "CSAFPID-1465648", "CSAFPID-1614225", "CSAFPID-1614226", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41734" }, { "cve": "CVE-2024-41735", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" } ], "product_status": { "known_affected": [ "CSAFPID-1614262", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41735", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41735.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614262", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41735" }, { "cve": "CVE-2024-41736", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1614227", "CSAFPID-1614228", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41736", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41736.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614227", "CSAFPID-1614228", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41736" }, { "cve": "CVE-2024-41737", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "other", "text": "Server-Side Request Forgery (SSRF)", "title": "CWE-918" } ], "product_status": { "known_affected": [ "CSAFPID-1614237", "CSAFPID-1614238", "CSAFPID-1614239", "CSAFPID-1614240", "CSAFPID-1614241", "CSAFPID-1614242", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-41737", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41737.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614237", "CSAFPID-1614238", "CSAFPID-1614239", "CSAFPID-1614240", "CSAFPID-1614241", "CSAFPID-1614242", "CSAFPID-1498297" ] } ], "title": "CVE-2024-41737" }, { "cve": "CVE-2024-42373", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614213", "CSAFPID-1614214", "CSAFPID-1614215", "CSAFPID-1614216", "CSAFPID-1614217", "CSAFPID-1614218", "CSAFPID-1614219", "CSAFPID-1614220", "CSAFPID-1614221", "CSAFPID-1475927", "CSAFPID-1475928", "CSAFPID-1475929", "CSAFPID-1475930", "CSAFPID-1475931", "CSAFPID-1475932", "CSAFPID-1475933", "CSAFPID-1475934", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42373", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42373.json" } ], "title": "CVE-2024-42373" }, { "cve": "CVE-2024-42374", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "notes": [ { "category": "other", "text": "XML Injection (aka Blind XPath Injection)", "title": "CWE-91" } ], "product_status": { "known_affected": [ "CSAFPID-1614276", "CSAFPID-1614277", "CSAFPID-1614278", "CSAFPID-1614279", "CSAFPID-1614280", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42374", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42374.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-1614276", "CSAFPID-1614277", "CSAFPID-1614278", "CSAFPID-1614279", "CSAFPID-1614280", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42374" }, { "cve": "CVE-2024-42375", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "product_status": { "known_affected": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42375", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42375.json" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-1475737", "CSAFPID-1464457", "CSAFPID-1464458", "CSAFPID-55201", "CSAFPID-55202", "CSAFPID-955724", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42375" }, { "cve": "CVE-2024-42376", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "other", "text": "Missing Authorization", "title": "CWE-862" } ], "product_status": { "known_affected": [ "CSAFPID-1614263", "CSAFPID-1614264", "CSAFPID-1614265", "CSAFPID-1614266", "CSAFPID-1614267", "CSAFPID-1498297" ] }, "references": [ { "category": "self", "summary": "CVE-2024-42376", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42376.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1614263", "CSAFPID-1614264", "CSAFPID-1614265", "CSAFPID-1614266", "CSAFPID-1614267", "CSAFPID-1498297" ] } ], "title": "CVE-2024-42376" } ] }
fkie_cve-2024-29415
Vulnerability from fkie_nvd
URL | Tags | ||
---|---|---|---|
cve@mitre.org | https://github.com/indutny/node-ip/issues/150 | ||
cve@mitre.org | https://github.com/indutny/node-ip/pull/143 | ||
cve@mitre.org | https://github.com/indutny/node-ip/pull/144 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/indutny/node-ip/issues/150 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/indutny/node-ip/pull/143 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/indutny/node-ip/pull/144 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250117-0010/ |
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282." }, { "lang": "es", "value": "El paquete ip hasta la versi\u00f3n 2.0.1 para Node.js podr\u00eda permitir SSRF porque algunas direcciones IP (como 127.1, 01200034567, 012.1.2.3, 000:0:0000::01 y ::fFFf:127.0.0.1) Est\u00e1n incorrectamente categorizadas como enrutable globalmente a trav\u00e9s de isPublic. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-42282." } ], "id": "CVE-2024-29415", "lastModified": "2025-01-17T20:15:27.950", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-05-27T20:15:08.970", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/indutny/node-ip/issues/150" }, { "source": "cve@mitre.org", "url": "https://github.com/indutny/node-ip/pull/143" }, { "source": "cve@mitre.org", "url": "https://github.com/indutny/node-ip/pull/144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/indutny/node-ip/issues/150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/indutny/node-ip/pull/143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/indutny/node-ip/pull/144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250117-0010/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" }, { "lang": "en", "value": "CWE-941" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
wid-sec-w-2024-3542
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-3542 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3542.json" }, { "category": "self", "summary": "WID-SEC-2024-3542 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3542" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10236 vom 2024-11-25", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10857" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10865" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17", "url": "https://access.redhat.com/errata/RHSA-2024:11293" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-12-17T23:00:00.000+00:00", "generator": { "date": "2024-12-18T10:17:04.810+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-3542", "initial_release_date": "2024-11-25T23:00:00.000+00:00", "revision_history": [ { "date": "2024-11-25T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-12-05T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-17T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Dev Spaces \u003c3.17", "product": { "name": "Red Hat OpenShift Dev Spaces \u003c3.17", "product_id": "T039431" } }, { "category": "product_version", "name": "Dev Spaces 3.17", "product": { "name": "Red Hat OpenShift Dev Spaces 3.17", "product_id": "T039431-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:dev_spaces__3.17" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Schwachstelle resultiert aus einer unvollst\u00e4ndigen Korrektur f\u00fcr CVE-2023-42282, die das Node.js ip-Paket betrifft. Die Funktion isPublic stuft bestimmte IP-Adressen f\u00e4lschlicherweise als \u00f6ffentlich statt als privat ein. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um das Verhalten des Servers \u00fcber Server-Side-Request-Forgery zu manipulieren, was m\u00f6glicherweise weitere Aktionen wie die Ausf\u00fchrung von beliebigem Code, die Offenlegung von Informationen und die Umgehung erm\u00f6glicht." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2023-42282" }, { "cve": "CVE-2024-29415", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Schwachstelle resultiert aus einer unvollst\u00e4ndigen Korrektur f\u00fcr CVE-2023-42282, die das Node.js ip-Paket betrifft. Die Funktion isPublic stuft bestimmte IP-Adressen f\u00e4lschlicherweise als \u00f6ffentlich statt als privat ein. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um das Verhalten des Servers \u00fcber Server-Side-Request-Forgery zu manipulieren, was m\u00f6glicherweise weitere Aktionen wie die Ausf\u00fchrung von beliebigem Code, die Offenlegung von Informationen und die Umgehung erm\u00f6glicht." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-29415" }, { "cve": "CVE-2024-21534", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler betrifft die Komponente jsonpath-plus aufgrund einer unsachgem\u00e4\u00dfen Bereinigung von Eingaben in Kombination mit dem unsicheren Standardverhalten der Verwendung des vm-Moduls von Node.js. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er b\u00f6sartige JSON-Pfade erstellt, die das vm-Modul auswertet." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-21534" }, { "cve": "CVE-2024-34156", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-34156" }, { "cve": "CVE-2024-45296", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-45296" }, { "cve": "CVE-2024-45813", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-45813" }, { "cve": "CVE-2024-47875", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in DOMPurify nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-47875" }, { "cve": "CVE-2024-48949", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler betrifft das Elliptic-Paket aufgrund einer unsachgem\u00e4\u00dfen Validierung der S()-Komponente in EDDSA-Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Signaturvalidierung zu umgehen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-48949" } ] }
WID-SEC-W-2024-3542
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-3542 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3542.json" }, { "category": "self", "summary": "WID-SEC-2024-3542 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3542" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10236 vom 2024-11-25", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10857" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05", "url": "https://access.redhat.com/errata/RHSA-2024:10865" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17", "url": "https://access.redhat.com/errata/RHSA-2024:11293" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-12-17T23:00:00.000+00:00", "generator": { "date": "2024-12-18T10:17:04.810+00:00", "engine": { "name": "BSI-WID", "version": "1.3.10" } }, "id": "WID-SEC-W-2024-3542", "initial_release_date": "2024-11-25T23:00:00.000+00:00", "revision_history": [ { "date": "2024-11-25T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-12-05T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-12-17T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "Dev Spaces \u003c3.17", "product": { "name": "Red Hat OpenShift Dev Spaces \u003c3.17", "product_id": "T039431" } }, { "category": "product_version", "name": "Dev Spaces 3.17", "product": { "name": "Red Hat OpenShift Dev Spaces 3.17", "product_id": "T039431-fixed", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:dev_spaces__3.17" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Schwachstelle resultiert aus einer unvollst\u00e4ndigen Korrektur f\u00fcr CVE-2023-42282, die das Node.js ip-Paket betrifft. Die Funktion isPublic stuft bestimmte IP-Adressen f\u00e4lschlicherweise als \u00f6ffentlich statt als privat ein. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um das Verhalten des Servers \u00fcber Server-Side-Request-Forgery zu manipulieren, was m\u00f6glicherweise weitere Aktionen wie die Ausf\u00fchrung von beliebigem Code, die Offenlegung von Informationen und die Umgehung erm\u00f6glicht." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2023-42282" }, { "cve": "CVE-2024-29415", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Schwachstelle resultiert aus einer unvollst\u00e4ndigen Korrektur f\u00fcr CVE-2023-42282, die das Node.js ip-Paket betrifft. Die Funktion isPublic stuft bestimmte IP-Adressen f\u00e4lschlicherweise als \u00f6ffentlich statt als privat ein. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um das Verhalten des Servers \u00fcber Server-Side-Request-Forgery zu manipulieren, was m\u00f6glicherweise weitere Aktionen wie die Ausf\u00fchrung von beliebigem Code, die Offenlegung von Informationen und die Umgehung erm\u00f6glicht." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-29415" }, { "cve": "CVE-2024-21534", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler betrifft die Komponente jsonpath-plus aufgrund einer unsachgem\u00e4\u00dfen Bereinigung von Eingaben in Kombination mit dem unsicheren Standardverhalten der Verwendung des vm-Moduls von Node.js. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er b\u00f6sartige JSON-Pfade erstellt, die das vm-Modul auswertet." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-21534" }, { "cve": "CVE-2024-34156", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-34156" }, { "cve": "CVE-2024-45296", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-45296" }, { "cve": "CVE-2024-45813", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Red Hat OpenShift. Diese Fehler betreffen das Paket encoding/gob in der Standardbibliothek von Go, das Paket path-to-regexp und das Paket find-my-way. Die Schwachstellen entstehen durch die Ersch\u00f6pfung des Stacks bei der Dekodierung tief verschachtelter Strukturen, ineffizient generierte regul\u00e4re Ausdr\u00fccke in bestimmten Pfadstrings und schlecht konstruierte regul\u00e4re Ausdr\u00fccke, die ein exzessives Backtracking erlauben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand oder einen Regular Expression Denial-of-Service zu erzeugen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-45813" }, { "cve": "CVE-2024-47875", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in DOMPurify nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-47875" }, { "cve": "CVE-2024-48949", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler betrifft das Elliptic-Paket aufgrund einer unsachgem\u00e4\u00dfen Validierung der S()-Komponente in EDDSA-Signaturen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Signaturvalidierung zu umgehen." } ], "product_status": { "known_affected": [ "67646", "T039431" ] }, "release_date": "2024-11-25T23:00:00.000+00:00", "title": "CVE-2024-48949" } ] }
gsd-2024-29415
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-29415" ], "id": "GSD-2024-29415", "modified": "2024-04-02T05:02:57.673402Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2024-29415", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.