CVE-2024-8184
Vulnerability from cvelistv5
Published
2024-10-14 15:09
Modified
2024-10-15 17:42
Summary
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
References
Impacted products
Vendor | Product | Version
---|---|---
Eclipse Foundation | Jetty | 9.3.12 ≤ 9.4.55
Eclipse Foundation | Jetty | 10.0.0 ≤ 10.0.23
Eclipse Foundation | Jetty | 11.0.0 ≤ 11.0.23
Eclipse Foundation | Jetty | 12.0.0 ≤ 12.0.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8184", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:41:50.744158Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:42:01.168Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2/", defaultStatus: "unaffected", modules: [ "jetty-server", ], packageName: "org.eclipse.jetty:jetty-server", product: "Jetty", repo: "https://github.com/jetty/jetty.project", vendor: "Eclipse Foundation", versions: [ { lessThanOrEqual: "9.4.55", status: "affected", version: "9.3.12", versionType: "semver", }, { lessThanOrEqual: "10.0.23", status: "affected", version: "10.0.0", versionType: "semver", }, { lessThanOrEqual: "11.0.23", status: "affected", version: "11.0.0", versionType: "semver", }, { lessThanOrEqual: "12.0.8", status: "affected", version: "12.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "https://github.com/HRsGIT", }, ], datePublic: "2024-10-14T03:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There exists a security vulnerability in Jetty's <code>ThreadLimitHandler.getRemote()</code> which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.<br>", }, ], value: "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. 
By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-14T15:30:02.698Z", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, { url: "https://github.com/jetty/jetty.project/pull/11723", }, ], source: { discovery: "UNKNOWN", }, title: "Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Do not use <code>ThreadLimitHandler</code>.<br>\nConsider use of <code>QoSHandler</code> instead to artificially limit resource utilization.<br>", }, ], value: "Do not use ThreadLimitHandler.\n\nConsider use of QoSHandler instead to artificially limit resource utilization.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2024-8184", datePublished: "2024-10-14T15:09:37.861Z", dateReserved: "2024-08-26T15:58:44.006Z", dateUpdated: "2024-10-15T17:42:01.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: 
"{\"cve\":{\"id\":\"CVE-2024-8184\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2024-10-14T16:15:04.380\",\"lastModified\":\"2024-11-08T21:00:09.857\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de seguridad en ThreadLimitHandler.getRemote() de Jetty que puede ser explotada por usuarios no autorizados para provocar un ataque de denegación de servicio (DoS) remoto. Al enviar repetidamente solicitudes manipuladas, los atacantes pueden generar errores OutofMemory y agotar la memoria del servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description
\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.12\",\"versionEndExcluding\":\"9.4.56\",\"matchCriteriaId\":\"38EE28A7-83A2-4D16-A1D7-197C1680C234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.24\",\"matchCriteriaId\":\"40B124FE-E76C-4612-8781-42CF3182E264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.24\",\"matchCriteriaId\":\"43B96569-B73B-4765-994F-809E5AE1A3CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.9\",\"matchCriteriaId\":\"CDCB79ED-6D2F-4A37-BB89-41EABF18EAC1\"}]}]}],\"references\":[{\"url\":\"https://github.com/jetty/jetty.project/pull/11723\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/30\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8184\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:41:50.744158Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", 
\"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T17:41:57.293Z\"}}], \"cna\": {\"title\": \"Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"https://github.com/HRsGIT\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/jetty/jetty.project\", \"vendor\": \"Eclipse Foundation\", \"modules\": [\"jetty-server\"], \"product\": \"Jetty\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.3.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.4.55\"}, {\"status\": \"affected\", \"version\": \"10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.23\"}, {\"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.23\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.0.8\"}], \"packageName\": \"org.eclipse.jetty:jetty-server\", \"collectionURL\": \"https://repo.maven.apache.org/maven2/\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-10-14T03:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq\"}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/30\"}, {\"url\": \"https://github.com/jetty/jetty.project/pull/11723\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Do not use 
ThreadLimitHandler.\\n\\nConsider use of QoSHandler instead to artificially limit resource utilization.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Do not use <code>ThreadLimitHandler</code>.<br>\\nConsider use of <code>QoSHandler</code> instead to artificially limit resource utilization.<br>\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There exists a security vulnerability in Jetty's <code>ThreadLimitHandler.getRemote()</code> which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.<br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2024-10-14T15:30:02.698Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-8184\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T17:42:01.168Z\", \"dateReserved\": \"2024-08-26T15:58:44.006Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2024-10-14T15:09:37.861Z\", \"assignerShortName\": \"eclipse\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
RHSA-2024:11023
Vulnerability from csaf_redhat
Published
2024-12-12 20:00
Modified
2025-05-02 16:17
Summary
Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.
Notes
Topic
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)
* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* path-to-regexp: Backtracking regular expressions cause ReDoS 
(CVE-2024-45296)\n\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11023", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", 
summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11023.json", }, ], title: "Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.", tracking: { current_release_date: "2025-05-02T16:17:17+00:00", generator: { date: "2025-05-02T16:17:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2024:11023", initial_release_date: "2024-12-12T20:00:23+00:00", revision_history: [ { date: "2024-12-12T20:00:23+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-12T20:00:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:17:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product: { name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_id: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_identification_helper: { cpe: "cpe:/a:redhat:rhboac_hawtio:4.0.0", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. 
Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. 
Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. 
In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2024:11023", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. 
This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose an important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. 
Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", 
product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. 
This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build 
of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. 
This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. 
This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure 
all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. 
Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: 
"2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, ], }
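The CSAF records above carry, for every CVE, the product's status (`product_status.fixed`), the fixing erratum under `remediations`, Red Hat's own impact rating under `threats`, and a CVSS v3.1 vector plus `baseScore` that the record itself says is informational only. The Python below is an added example, not Red Hat's tooling and not part of the advisory: it reads those fields for one `product_id`, recomputes the CVSS v3.1 base score from each `vectorString` using the published FIRST formula, and flags any row whose listed score disagrees with the vector. `SAMPLE_CSAF` is a constructed fragment that mirrors the entries on this page and contains only the keys the script reads; the names `triage`, `cvss31_base_score`, `PRODUCT` and `ERRATUM` are mine.

```python
"""Triage a Red Hat CSAF 2.0 advisory for one product (added example).

Assumptions, not part of the advisory: the CSAF JSON has already been
downloaded and parsed into a dict; SAMPLE_CSAF below is a constructed
fragment that mirrors the per-vulnerability fields shown on this page
(cve, cwe, product_status, remediations, scores[].cvss_v3, threats) and
reproduces only the keys this script reads.
"""
import math
from typing import Dict, List, Optional

# CVSS v3.1 base-metric weights from the FIRST specification.
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
_AC = {"L": 0.77, "H": 0.44}
_PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
_PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.50}
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}


def _roundup(x: float) -> float:
    """CVSS v3.1 Roundup(): smallest one-decimal value >= x, computed on an
    integer scale so that floating-point noise cannot shift the result."""
    scaled = int(round(x * 100000))
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def cvss31_base_score(vector: str) -> float:
    """Recompute the base score from a vector such as
    'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'."""
    m = dict(part.split(":", 1) for part in vector.split("/")[1:])
    changed = m["S"] == "C"
    iss = 1 - (1 - _CIA[m["C"]]) * (1 - _CIA[m["I"]]) * (1 - _CIA[m["A"]])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    pr = (_PR_CHANGED if changed else _PR_UNCHANGED)[m["PR"]]
    exploitability = 8.22 * _AV[m["AV"]] * _AC[m["AC"]] * pr * _UI[m["UI"]]
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    return _roundup(min(1.08 * total if changed else total, 10.0))


def triage(csaf: Dict, product_id: str) -> List[Dict]:
    """One row per vulnerability: the product's CSAF status, Red Hat's impact
    rating, the fixing erratum, and whether the listed CVSS base score agrees
    with the score recomputed from its vector."""
    rows = []
    for v in csaf["vulnerabilities"]:
        status = next((s for s, ids in v.get("product_status", {}).items()
                       if product_id in ids), "unlisted")
        fix = next((r for r in v.get("remediations", [])
                    if r["category"] == "vendor_fix" and product_id in r["product_ids"]), None)
        score = next((s["cvss_v3"] for s in v.get("scores", [])
                      if product_id in s["products"]), None)
        impact = next((t["details"] for t in v.get("threats", [])
                       if t["category"] == "impact"), None)
        computed: Optional[float] = cvss31_base_score(score["vectorString"]) if score else None
        rows.append({
            "cve": v["cve"],
            "cwe": v["cwe"]["id"],
            "status": status,
            "impact": impact,
            "erratum": fix["url"] if fix else None,
            "restart_required": fix["restart_required"]["category"] if fix else None,
            "vector": score["vectorString"] if score else None,
            "listed_score": score["baseScore"] if score else None,
            "computed_score": computed,
            "score_consistent": bool(score) and score["baseScore"] == computed,
        })
    return rows


PRODUCT = "HawtIO 4.0.0 for Red Hat build of Apache Camel 4"
ERRATUM = "https://access.redhat.com/errata/RHSA-2024:11023"


def _entry(cve, cwe, impact, vector, base_score):
    # Constructed CSAF fragment (sample input, not the advisory itself).
    return {
        "cve": cve,
        "cwe": {"id": cwe},
        "product_status": {"fixed": [PRODUCT]},
        "remediations": [
            {"category": "vendor_fix", "url": ERRATUM, "product_ids": [PRODUCT],
             "restart_required": {"category": "none"}},
            {"category": "workaround", "product_ids": [PRODUCT]},
        ],
        "scores": [{"cvss_v3": {"version": "3.1", "vectorString": vector,
                                "baseScore": base_score}, "products": [PRODUCT]}],
        "threats": [{"category": "impact", "details": impact}],
    }


SAMPLE_CSAF = {"vulnerabilities": [
    _entry("CVE-2024-8184", "CWE-400", "Moderate",
           "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 6.5),
    _entry("CVE-2024-38816", "CWE-22", "Important",
           "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 7.5),
    _entry("CVE-2024-43796", "CWE-79", "Moderate",
           "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", 5),
    _entry("CVE-2024-45296", "CWE-1333", "Moderate",
           "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", 5.3),
]}

if __name__ == "__main__":
    for row in triage(SAMPLE_CSAF, PRODUCT):
        print(row)
```

Two points of design worth noting. The product status comes from `product_status`, never from the CVSS block: as the record itself says, the vendor score does not describe the product's state, and Red Hat's `threats[].details` rating (Moderate for CVE-2024-8184 despite a 6.5 vector) is the field that drives their erratum priority. The roundup is done on an integer scale because the v3.1 specification defines it that way precisely to avoid a 4.99999 landing on 4.9 instead of 5.0; running the four vectors from this page through it reproduces 6.5, 7.5, 5.0 and 5.3.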
rhsa-2024_9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2025-01-06 18:07
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] (CVE-2024-8184)
* Zookeeper, Kafka: org.eclipse.jetty/jetty-servlets: Jetty DoS vulnerability on DosFilter [amq-st-2] (CVE-2024-9823)
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (CVE-2024-47554)
* Kafka: com.google.protobuf:protobuf-java@3.23.4: StackOverflow when parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to denial of service (DoS) (CVE-2024-7254)
* Drain Cleaner: Awaiting Analysis (CVE-2024-29025)
* Kroxylicious: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. (CVE-2024-8285)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). 
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: 
"2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", 
summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2025-01-06T18:07:18+00:00", generator: { date: "2025-01-06T18:07:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:07:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], 
category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. 
Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to 
widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. 
The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising 
ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. 
This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: 
[ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. 
This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: 
"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, 
{ cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to 
apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2024_11023
Vulnerability from csaf_redhat
Published
2024-12-12 20:00
Modified
2025-01-06 18:54
Summary
Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.
Notes
Topic
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)
* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* path-to-regexp: Backtracking regular expressions cause ReDoS 
(CVE-2024-45296)\n\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11023", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", 
summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11023.json", }, ], title: "Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.", tracking: { current_release_date: "2025-01-06T18:54:02+00:00", generator: { date: "2025-01-06T18:54:02+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:11023", initial_release_date: "2024-12-12T20:00:23+00:00", revision_history: [ { date: "2024-12-12T20:00:23+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-12T20:00:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T18:54:02+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product: { name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_id: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_identification_helper: { cpe: "cpe:/a:redhat:rhboac_hawtio:4.0.0", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. 
Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. 
Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. 
In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2024:11023", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. 
This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose an important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. 
Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", 
product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. 
This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build 
of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. 
This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. 
This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure 
all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. 
Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: 
"2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, ], }
RHSA-2024:9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2025-05-02 16:19
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] (CVE-2024-8184)
* Zookeeper, Kafka: org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] (CVE-2024-9823)
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (CVE-2024-47554)
* Kafka: com.google.protobuf:protobuf-java@3.23.4: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users (CVE-2024-7254)
* Drain Cleaner: Awaiting Analysis (CVE-2024-29025)
* Kroxylicious: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. (CVE-2024-8285)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). 
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: 
"2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", 
summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2025-05-02T16:19:40+00:00", generator: { date: "2025-05-02T16:19:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:19:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], 
category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. 
Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the 
currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, 
url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. 
The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising 
ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. 
The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: 
"https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. 
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. 
This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released 
errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. 
Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2025:2416
Vulnerability from csaf_redhat
Published
2025-03-05 20:59
Modified
2025-05-02 16:18
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.9.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.9.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 2.9.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.8.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control:cio.netty:netty-common:4.1.115.Final-redhat [amq-st-2] "(CVE-2023-52428)"
* Cruise Control:com.nimbusds:nimbus-jose-jwt:9.37.2.redhat [amq-st-2] "(CVE-2024-47535)"
* Cruise Control:org.apache.kafka:kafka-clients:3.5.2.redhat+ [amq-st-2] "(CVE-2024-31141)"
* Cruise Control:io:commons-io:2.15.1.redhat+ [amq-st-2] "(CVE-2024-47554)"
* Cruise Control:org.eclipse.jetty:jetty-server:9.4.56.v20240826-redhat+ [amq-st-2] "(CVE-2024-8184)"
* Cruise Control:org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] "(CVE-2024-8184)"
* Kafka Exporter:golang-github-danielqsj-kafka_exporter: Golang FIPS zeroed buffer [amq-st-2] "(CVE-2024-9355)"
* Kafka Exporter:golang-github-danielqsj-kafka_exporter: net/http: Denial of service due to improper 100-continue handling in net/http [amq-st-2] "(CVE-2024-24791)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.9.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 2.9.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.8.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control:cio.netty:netty-common:4.1.115.Final-redhat [amq-st-2] \"(CVE-2023-52428)\"\n\n* Cruise Control:com.nimbusds:nimbus-jose-jwt:9.37.2.redhat [amq-st-2] \"(CVE-2024-47535)\"\n\n* Cruise Control:org.apache.kafka:kafka-clients:3.5.2.redhat+ [amq-st-2] \"(CVE-2024-31141)\"\n\n* Cruise Control:io:commons-io:2.15.1.redhat+ [amq-st-2] \"(CVE-2024-47554)\"\n\n* Cruise Control:org.eclipse.jetty:jetty-server:9.4.56.v20240826-redhat+ [amq-st-2] \"(CVE-2024-8184)\"\n\n* Cruise Control:org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \"(CVE-2024-8184)\"\n\n* Kafka Exporter:golang-github-danielqsj-kafka_exporter: Golang FIPS zeroed buffer [amq-st-2] \"(CVE-2024-9355)\"\n\n* Kafka 
Exporter:golang-github-danielqsj-kafka_exporter: net/http: Denial of service due to improper 100-continue handling in net/http [amq-st-2] \"(CVE-2024-24791)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:2416", url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2315719", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", }, { category: "external", summary: "2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2325538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325538", }, { category: "external", summary: "2327264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327264", }, { category: "self", summary: "Canonical URL", url: 
"https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2416.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.9.0 release and security update", tracking: { current_release_date: "2025-05-02T16:18:13+00:00", generator: { date: "2025-05-02T16:18:13+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2025:2416", initial_release_date: "2025-03-05T20:59:06+00:00", revision_history: [ { date: "2025-03-05T20:59:06+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-05T20:59:06+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:18:13+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.9.0", product: { name: "Streams for Apache Kafka 2.9.0", product_id: "Streams for Apache Kafka 2.9.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. 
This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. 
The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: 
"https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { acknowledgments: [ { names: [ "David Benoit", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2024-9355", cwe: { id: "CWE-457", name: "Use of Uninitialized Variable", }, discovery_date: "2024-09-30T17:51:17.811000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2315719", }, ], notes: [ { category: "description", text: "A vulnerability was found in Golang FIPS OpenSSL. 
This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.", title: "Vulnerability description", }, { category: "summary", text: "golang-fips: Golang FIPS zeroed buffer", title: "Vulnerability summary", }, { category: "other", text: "This issue is specific to the Go language and only affects the test code in cri-o and conmon, not the production code. Since both projects use Go exclusively for testing purposes, this issue does not impact their production environment. Therefore, cri-o and conmon are not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9355", }, { category: "external", summary: "RHBZ#2315719", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9355", url: "https://www.cve.org/CVERecord?id=CVE-2024-9355", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9355", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9355", }, ], release_date: "2024-09-30T20:53:42.833000+00:00", remediations: [ { category: "vendor_fix", date: 
"2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-fips: Golang FIPS zeroed buffer", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-07-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295310", }, ], notes: [ { category: "description", text: "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. 
This issue may render a connection invalid and cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "net/http: Denial of service due to improper 100-continue handling in net/http", title: "Vulnerability summary", }, { category: "other", text: "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker's control. This reduces the severity score of this flaw to Moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-20: Improper Input Validation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by input validation vulnerabilities. Security testing and evaluation standards are implemented within the environment to rigorously test input validation mechanisms during the development lifecycle, while static code analysis identifies potential input validation vulnerabilities by default. Process isolation ensures that processes handling potentially malicious or unvalidated inputs run in isolated environments by separating execution domains for each process. Malicious code protections, such as IPS/IDS and antimalware solutions, help detect and mitigate malicious payloads stemming from input validation vulnerabilities. 
Finally, robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks further.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24791", }, { category: "external", summary: "RHBZ#2295310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24791", url: "https://www.cve.org/CVERecord?id=CVE-2024-24791", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", }, { category: "external", summary: "https://go.dev/cl/591255", url: "https://go.dev/cl/591255", }, { category: "external", summary: "https://go.dev/issue/67555", url: "https://go.dev/issue/67555", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", url: "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", }, ], release_date: "2024-07-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", 
}, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "net/http: Denial of service due to improper 100-continue handling in net/http", }, { cve: "CVE-2024-31141", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2024-11-19T09:00:35.857468+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2327264", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. 
In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.", title: "Vulnerability description", }, { category: "summary", text: "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-31141", }, { category: "external", summary: "RHBZ#2327264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327264", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-31141", url: "https://www.cve.org/CVERecord?id=CVE-2024-31141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-31141", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-31141", }, { category: "external", summary: "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv", url: "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv", }, ], release_date: "2024-11-19T08:40:50.695000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", 
attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider", }, { cve: "CVE-2024-47535", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-11-12T16:01:18.772613+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2325538", }, ], notes: [ { category: "description", text: "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.", title: "Vulnerability description", }, { category: "summary", text: "netty: Denial of Service attack on windows app using Netty", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. 
Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47535", }, { category: "external", summary: "RHBZ#2325538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47535", url: "https://www.cve.org/CVERecord?id=CVE-2024-47535", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47535", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47535", }, { category: "external", summary: "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", url: "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv", url: "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv", }, ], release_date: "2024-11-12T15:50:08.334000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant 
to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty: Denial of Service attack on windows app using Netty", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. 
Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2024:9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2025-05-02 16:19
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] (CVE-2024-8184)
* Zookeeper, Kafka: org.eclipse.jetty/jetty-servlets: Jetty DoS vulnerability on DosFilter [amq-st-2] (CVE-2024-9823)
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (CVE-2024-47554)
* Kafka: com.google.protobuf:protobuf-java@3.23.4: Denial of Service (DoS), a family of attacks all aimed at making a system inaccessible to its intended and legitimate users (CVE-2024-7254)
* Drain Cleaner: Awaiting Analysis (CVE-2024-29025)
* Kroxylicious: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise external systems, such as DNS or network routing configuration. (CVE-2024-8285)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). 
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: 
"2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", 
summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2025-05-02T16:19:40+00:00", generator: { date: "2025-05-02T16:19:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:19:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], 
category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. 
Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the 
currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, 
url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. 
The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising 
ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. 
The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: 
"https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. 
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. 
This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released 
errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. 
Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2024:11023
Vulnerability from csaf_redhat
Published
2024-12-12 20:00
Modified
2025-05-02 16:17
Summary
Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.
Notes
Topic
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)
* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "HawtIO 4.1.0 for Red Hat build of Apache Camel 4 GA Release is now available.\n\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\n\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n\n* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)\n\n* org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (CVE-2024-8184)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)\n\n* path-to-regexp: Backtracking regular expressions cause ReDoS 
(CVE-2024-45296)\n\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:11023", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", 
summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_11023.json", }, ], title: "Red Hat Security Advisory: HawtIO 4.1.0 for Red Hat build of Apache Camel 4 Release and security update.", tracking: { current_release_date: "2025-05-02T16:17:17+00:00", generator: { date: "2025-05-02T16:17:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2024:11023", initial_release_date: "2024-12-12T20:00:23+00:00", revision_history: [ { date: "2024-12-12T20:00:23+00:00", number: "1", summary: "Initial version", }, { date: "2024-12-12T20:00:23+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:17:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product: { name: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_id: "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", product_identification_helper: { cpe: "cpe:/a:redhat:rhboac_hawtio:4.0.0", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. 
Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { 
category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces`. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js`, if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. 
Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { acknowledgments: [ { names: [ "BfC", ], }, ], cve: "CVE-2024-7885", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2024-08-16T09:00:41.686000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2305290", }, ], notes: [ { category: "description", text: "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. 
In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", title: "Vulnerability description", }, { category: "summary", text: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", title: "Vulnerability summary", }, { category: "other", text: "Red Hat decided to rate this vulnerability as Important because of the potential loss of Availability and no additional privileges being required.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7885", }, { category: "external", summary: "RHBZ#2305290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7885", url: "https://www.cve.org/CVERecord?id=CVE-2024-7885", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", }, ], release_date: "2024-08-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: 
"https://access.redhat.com/errata/RHSA-2024:11023", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: Improper State Management in Proxy Protocol parsing causes information leakage", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. 
While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. 
Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], 
restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-09-13T06:20:08.422867+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312060", }, ], notes: [ { category: "description", text: "A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. 
This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a FileSystemResource location.", title: "Vulnerability description", }, { category: "summary", text: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", title: "Vulnerability summary", }, { category: "other", text: "Path traversal vulnerabilities in applications that serve static resources via RouterFunctions and FileSystemResource pose an important security risk, as they allow attackers to bypass access controls and retrieve arbitrary files from the server's filesystem. This type of attack can lead to unauthorized exposure of sensitive data, such as configuration files, environment variables, or authentication credentials. If exploited, it can further facilitate privilege escalation, lateral movement, or remote code execution within the system. 
Given the broad access it grants to the server's filesystem, the potential for system compromise makes path traversal vulnerabilities a high-severity issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38816", }, { category: "external", summary: "RHBZ#2312060", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312060", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38816", url: "https://www.cve.org/CVERecord?id=CVE-2024-38816", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38816", }, { category: "external", summary: "https://spring.io/security/cve-2024-38816", url: "https://spring.io/security/cve-2024-38816", }, ], release_date: "2024-09-13T06:15:11.190000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", 
product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource", }, { cve: "CVE-2024-43796", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:28.106254+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311152", }, ], notes: [ { category: "description", text: "A flaw was found in Express. 
This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", title: "Vulnerability description", }, { category: "summary", text: "express: Improper Input Handling in Express Redirects", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43796", }, { category: "external", summary: "RHBZ#2311152", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311152", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43796", url: "https://www.cve.org/CVERecord?id=CVE-2024-43796", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", }, { category: "external", summary: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], release_date: "2024-09-10T15:15:17.510000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build 
of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "express: Improper Input Handling in Express Redirects", }, { cve: "CVE-2024-43799", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:30.869487+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311153", }, ], notes: [ { category: "description", text: "A flaw was found in the Send library. 
This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", title: "Vulnerability description", }, { category: "summary", text: "send: Code Execution Vulnerability in Send Library", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43799", }, { category: "external", summary: "RHBZ#2311153", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311153", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43799", url: "https://www.cve.org/CVERecord?id=CVE-2024-43799", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", }, { category: "external", summary: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", url: "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", }, { category: "external", summary: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", url: "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", }, ], release_date: "2024-09-10T15:15:17.727000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { 
category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "send: Code Execution Vulnerability in Send Library", }, { cve: "CVE-2024-43800", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2024-09-10T15:30:33.631718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311154", }, ], notes: [ { category: "description", text: "A flaw was found in serve-static. 
This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", title: "Vulnerability description", }, { category: "summary", text: "serve-static: Improper Sanitization in serve-static", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-43800", }, { category: "external", summary: "RHBZ#2311154", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311154", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-43800", url: "https://www.cve.org/CVERecord?id=CVE-2024-43800", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", url: "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", }, { category: "external", summary: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", url: "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", }, { category: "external", summary: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", url: "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", }, ], release_date: "2024-09-10T15:15:17.937000+00:00", remediations: [ { category: "vendor_fix", date: "2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure 
all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "serve-static: Improper Sanitization in serve-static", }, { cve: "CVE-2024-45296", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-09T19:20:18.127723+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2310908", }, ], notes: [ { category: "description", text: "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. 
Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "path-to-regexp: Backtracking regular expressions cause ReDoS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45296", }, { category: "external", summary: "RHBZ#2310908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310908", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45296", url: "https://www.cve.org/CVERecord?id=CVE-2024-45296", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", url: "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", url: "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", }, { category: "external", summary: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", url: "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", }, ], release_date: "2024-09-09T19:15:13.330000+00:00", remediations: [ { category: "vendor_fix", date: 
"2024-12-12T20:00:23+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "path-to-regexp: Backtracking regular expressions cause ReDoS", }, ], }
opensuse-su-2024:14408-1
Vulnerability from csaf_opensuse
Published
2024-10-17 00:00
Modified
2024-10-17 00:00
Summary
jetty-annotations-9.4.56-2.1 on GA media
Notes
Title of the patch
jetty-annotations-9.4.56-2.1 on GA media
Description of the patch
These are all security issues fixed in the jetty-annotations-9.4.56-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14408
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "jetty-annotations-9.4.56-2.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the jetty-annotations-9.4.56-2.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14408", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14408-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14408-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14408-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/", }, { category: "self", summary: "SUSE CVE CVE-2024-8184 page", url: "https://www.suse.com/security/cve/CVE-2024-8184/", }, ], title: "jetty-annotations-9.4.56-2.1 on GA media", tracking: { current_release_date: "2024-10-17T00:00:00Z", generator: { date: 
"2024-10-17T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14408-1", initial_release_date: "2024-10-17T00:00:00Z", revision_history: [ { date: "2024-10-17T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "jetty-annotations-9.4.56-2.1.aarch64", product: { name: "jetty-annotations-9.4.56-2.1.aarch64", product_id: "jetty-annotations-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-ant-9.4.56-2.1.aarch64", product: { name: "jetty-ant-9.4.56-2.1.aarch64", product_id: "jetty-ant-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-cdi-9.4.56-2.1.aarch64", product: { name: "jetty-cdi-9.4.56-2.1.aarch64", product_id: "jetty-cdi-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-client-9.4.56-2.1.aarch64", product: { name: "jetty-client-9.4.56-2.1.aarch64", product_id: "jetty-client-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-continuation-9.4.56-2.1.aarch64", product: { name: "jetty-continuation-9.4.56-2.1.aarch64", product_id: "jetty-continuation-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-deploy-9.4.56-2.1.aarch64", product: { name: "jetty-deploy-9.4.56-2.1.aarch64", product_id: "jetty-deploy-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-fcgi-9.4.56-2.1.aarch64", product: { name: "jetty-fcgi-9.4.56-2.1.aarch64", product_id: "jetty-fcgi-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-http-9.4.56-2.1.aarch64", product: { name: "jetty-http-9.4.56-2.1.aarch64", product_id: "jetty-http-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-http-spi-9.4.56-2.1.aarch64", product: { name: "jetty-http-spi-9.4.56-2.1.aarch64", product_id: "jetty-http-spi-9.4.56-2.1.aarch64", }, }, { category: 
"product_version", name: "jetty-io-9.4.56-2.1.aarch64", product: { name: "jetty-io-9.4.56-2.1.aarch64", product_id: "jetty-io-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-jaas-9.4.56-2.1.aarch64", product: { name: "jetty-jaas-9.4.56-2.1.aarch64", product_id: "jetty-jaas-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-jmx-9.4.56-2.1.aarch64", product: { name: "jetty-jmx-9.4.56-2.1.aarch64", product_id: "jetty-jmx-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-jndi-9.4.56-2.1.aarch64", product: { name: "jetty-jndi-9.4.56-2.1.aarch64", product_id: "jetty-jndi-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-jsp-9.4.56-2.1.aarch64", product: { name: "jetty-jsp-9.4.56-2.1.aarch64", product_id: "jetty-jsp-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-minimal-javadoc-9.4.56-2.1.aarch64", product: { name: "jetty-minimal-javadoc-9.4.56-2.1.aarch64", product_id: "jetty-minimal-javadoc-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-openid-9.4.56-2.1.aarch64", product: { name: "jetty-openid-9.4.56-2.1.aarch64", product_id: "jetty-openid-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-plus-9.4.56-2.1.aarch64", product: { name: "jetty-plus-9.4.56-2.1.aarch64", product_id: "jetty-plus-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-proxy-9.4.56-2.1.aarch64", product: { name: "jetty-proxy-9.4.56-2.1.aarch64", product_id: "jetty-proxy-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-quickstart-9.4.56-2.1.aarch64", product: { name: "jetty-quickstart-9.4.56-2.1.aarch64", product_id: "jetty-quickstart-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-rewrite-9.4.56-2.1.aarch64", product: { name: "jetty-rewrite-9.4.56-2.1.aarch64", product_id: "jetty-rewrite-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-security-9.4.56-2.1.aarch64", 
product: { name: "jetty-security-9.4.56-2.1.aarch64", product_id: "jetty-security-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-server-9.4.56-2.1.aarch64", product: { name: "jetty-server-9.4.56-2.1.aarch64", product_id: "jetty-server-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-servlet-9.4.56-2.1.aarch64", product: { name: "jetty-servlet-9.4.56-2.1.aarch64", product_id: "jetty-servlet-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-servlets-9.4.56-2.1.aarch64", product: { name: "jetty-servlets-9.4.56-2.1.aarch64", product_id: "jetty-servlets-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-start-9.4.56-2.1.aarch64", product: { name: "jetty-start-9.4.56-2.1.aarch64", product_id: "jetty-start-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-util-9.4.56-2.1.aarch64", product: { name: "jetty-util-9.4.56-2.1.aarch64", product_id: "jetty-util-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-util-ajax-9.4.56-2.1.aarch64", product: { name: "jetty-util-ajax-9.4.56-2.1.aarch64", product_id: "jetty-util-ajax-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-webapp-9.4.56-2.1.aarch64", product: { name: "jetty-webapp-9.4.56-2.1.aarch64", product_id: "jetty-webapp-9.4.56-2.1.aarch64", }, }, { category: "product_version", name: "jetty-xml-9.4.56-2.1.aarch64", product: { name: "jetty-xml-9.4.56-2.1.aarch64", product_id: "jetty-xml-9.4.56-2.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "jetty-annotations-9.4.56-2.1.ppc64le", product: { name: "jetty-annotations-9.4.56-2.1.ppc64le", product_id: "jetty-annotations-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-ant-9.4.56-2.1.ppc64le", product: { name: "jetty-ant-9.4.56-2.1.ppc64le", product_id: "jetty-ant-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: 
"jetty-cdi-9.4.56-2.1.ppc64le", product: { name: "jetty-cdi-9.4.56-2.1.ppc64le", product_id: "jetty-cdi-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-client-9.4.56-2.1.ppc64le", product: { name: "jetty-client-9.4.56-2.1.ppc64le", product_id: "jetty-client-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-continuation-9.4.56-2.1.ppc64le", product: { name: "jetty-continuation-9.4.56-2.1.ppc64le", product_id: "jetty-continuation-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-deploy-9.4.56-2.1.ppc64le", product: { name: "jetty-deploy-9.4.56-2.1.ppc64le", product_id: "jetty-deploy-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-fcgi-9.4.56-2.1.ppc64le", product: { name: "jetty-fcgi-9.4.56-2.1.ppc64le", product_id: "jetty-fcgi-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-http-9.4.56-2.1.ppc64le", product: { name: "jetty-http-9.4.56-2.1.ppc64le", product_id: "jetty-http-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-http-spi-9.4.56-2.1.ppc64le", product: { name: "jetty-http-spi-9.4.56-2.1.ppc64le", product_id: "jetty-http-spi-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-io-9.4.56-2.1.ppc64le", product: { name: "jetty-io-9.4.56-2.1.ppc64le", product_id: "jetty-io-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-jaas-9.4.56-2.1.ppc64le", product: { name: "jetty-jaas-9.4.56-2.1.ppc64le", product_id: "jetty-jaas-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-jmx-9.4.56-2.1.ppc64le", product: { name: "jetty-jmx-9.4.56-2.1.ppc64le", product_id: "jetty-jmx-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-jndi-9.4.56-2.1.ppc64le", product: { name: "jetty-jndi-9.4.56-2.1.ppc64le", product_id: "jetty-jndi-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-jsp-9.4.56-2.1.ppc64le", product: { name: "jetty-jsp-9.4.56-2.1.ppc64le", 
product_id: "jetty-jsp-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-minimal-javadoc-9.4.56-2.1.ppc64le", product: { name: "jetty-minimal-javadoc-9.4.56-2.1.ppc64le", product_id: "jetty-minimal-javadoc-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-openid-9.4.56-2.1.ppc64le", product: { name: "jetty-openid-9.4.56-2.1.ppc64le", product_id: "jetty-openid-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-plus-9.4.56-2.1.ppc64le", product: { name: "jetty-plus-9.4.56-2.1.ppc64le", product_id: "jetty-plus-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-proxy-9.4.56-2.1.ppc64le", product: { name: "jetty-proxy-9.4.56-2.1.ppc64le", product_id: "jetty-proxy-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-quickstart-9.4.56-2.1.ppc64le", product: { name: "jetty-quickstart-9.4.56-2.1.ppc64le", product_id: "jetty-quickstart-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-rewrite-9.4.56-2.1.ppc64le", product: { name: "jetty-rewrite-9.4.56-2.1.ppc64le", product_id: "jetty-rewrite-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-security-9.4.56-2.1.ppc64le", product: { name: "jetty-security-9.4.56-2.1.ppc64le", product_id: "jetty-security-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-server-9.4.56-2.1.ppc64le", product: { name: "jetty-server-9.4.56-2.1.ppc64le", product_id: "jetty-server-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-servlet-9.4.56-2.1.ppc64le", product: { name: "jetty-servlet-9.4.56-2.1.ppc64le", product_id: "jetty-servlet-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-servlets-9.4.56-2.1.ppc64le", product: { name: "jetty-servlets-9.4.56-2.1.ppc64le", product_id: "jetty-servlets-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-start-9.4.56-2.1.ppc64le", product: { name: "jetty-start-9.4.56-2.1.ppc64le", 
product_id: "jetty-start-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-util-9.4.56-2.1.ppc64le", product: { name: "jetty-util-9.4.56-2.1.ppc64le", product_id: "jetty-util-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-util-ajax-9.4.56-2.1.ppc64le", product: { name: "jetty-util-ajax-9.4.56-2.1.ppc64le", product_id: "jetty-util-ajax-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-webapp-9.4.56-2.1.ppc64le", product: { name: "jetty-webapp-9.4.56-2.1.ppc64le", product_id: "jetty-webapp-9.4.56-2.1.ppc64le", }, }, { category: "product_version", name: "jetty-xml-9.4.56-2.1.ppc64le", product: { name: "jetty-xml-9.4.56-2.1.ppc64le", product_id: "jetty-xml-9.4.56-2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "jetty-annotations-9.4.56-2.1.s390x", product: { name: "jetty-annotations-9.4.56-2.1.s390x", product_id: "jetty-annotations-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-ant-9.4.56-2.1.s390x", product: { name: "jetty-ant-9.4.56-2.1.s390x", product_id: "jetty-ant-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-cdi-9.4.56-2.1.s390x", product: { name: "jetty-cdi-9.4.56-2.1.s390x", product_id: "jetty-cdi-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-client-9.4.56-2.1.s390x", product: { name: "jetty-client-9.4.56-2.1.s390x", product_id: "jetty-client-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-continuation-9.4.56-2.1.s390x", product: { name: "jetty-continuation-9.4.56-2.1.s390x", product_id: "jetty-continuation-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-deploy-9.4.56-2.1.s390x", product: { name: "jetty-deploy-9.4.56-2.1.s390x", product_id: "jetty-deploy-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-fcgi-9.4.56-2.1.s390x", product: { name: "jetty-fcgi-9.4.56-2.1.s390x", product_id: 
"jetty-fcgi-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-http-9.4.56-2.1.s390x", product: { name: "jetty-http-9.4.56-2.1.s390x", product_id: "jetty-http-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-http-spi-9.4.56-2.1.s390x", product: { name: "jetty-http-spi-9.4.56-2.1.s390x", product_id: "jetty-http-spi-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-io-9.4.56-2.1.s390x", product: { name: "jetty-io-9.4.56-2.1.s390x", product_id: "jetty-io-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-jaas-9.4.56-2.1.s390x", product: { name: "jetty-jaas-9.4.56-2.1.s390x", product_id: "jetty-jaas-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-jmx-9.4.56-2.1.s390x", product: { name: "jetty-jmx-9.4.56-2.1.s390x", product_id: "jetty-jmx-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-jndi-9.4.56-2.1.s390x", product: { name: "jetty-jndi-9.4.56-2.1.s390x", product_id: "jetty-jndi-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-jsp-9.4.56-2.1.s390x", product: { name: "jetty-jsp-9.4.56-2.1.s390x", product_id: "jetty-jsp-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-minimal-javadoc-9.4.56-2.1.s390x", product: { name: "jetty-minimal-javadoc-9.4.56-2.1.s390x", product_id: "jetty-minimal-javadoc-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-openid-9.4.56-2.1.s390x", product: { name: "jetty-openid-9.4.56-2.1.s390x", product_id: "jetty-openid-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-plus-9.4.56-2.1.s390x", product: { name: "jetty-plus-9.4.56-2.1.s390x", product_id: "jetty-plus-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-proxy-9.4.56-2.1.s390x", product: { name: "jetty-proxy-9.4.56-2.1.s390x", product_id: "jetty-proxy-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-quickstart-9.4.56-2.1.s390x", product: { name: 
"jetty-quickstart-9.4.56-2.1.s390x", product_id: "jetty-quickstart-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-rewrite-9.4.56-2.1.s390x", product: { name: "jetty-rewrite-9.4.56-2.1.s390x", product_id: "jetty-rewrite-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-security-9.4.56-2.1.s390x", product: { name: "jetty-security-9.4.56-2.1.s390x", product_id: "jetty-security-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-server-9.4.56-2.1.s390x", product: { name: "jetty-server-9.4.56-2.1.s390x", product_id: "jetty-server-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-servlet-9.4.56-2.1.s390x", product: { name: "jetty-servlet-9.4.56-2.1.s390x", product_id: "jetty-servlet-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-servlets-9.4.56-2.1.s390x", product: { name: "jetty-servlets-9.4.56-2.1.s390x", product_id: "jetty-servlets-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-start-9.4.56-2.1.s390x", product: { name: "jetty-start-9.4.56-2.1.s390x", product_id: "jetty-start-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-util-9.4.56-2.1.s390x", product: { name: "jetty-util-9.4.56-2.1.s390x", product_id: "jetty-util-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-util-ajax-9.4.56-2.1.s390x", product: { name: "jetty-util-ajax-9.4.56-2.1.s390x", product_id: "jetty-util-ajax-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-webapp-9.4.56-2.1.s390x", product: { name: "jetty-webapp-9.4.56-2.1.s390x", product_id: "jetty-webapp-9.4.56-2.1.s390x", }, }, { category: "product_version", name: "jetty-xml-9.4.56-2.1.s390x", product: { name: "jetty-xml-9.4.56-2.1.s390x", product_id: "jetty-xml-9.4.56-2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "jetty-annotations-9.4.56-2.1.x86_64", product: { name: 
"jetty-annotations-9.4.56-2.1.x86_64", product_id: "jetty-annotations-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-ant-9.4.56-2.1.x86_64", product: { name: "jetty-ant-9.4.56-2.1.x86_64", product_id: "jetty-ant-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-cdi-9.4.56-2.1.x86_64", product: { name: "jetty-cdi-9.4.56-2.1.x86_64", product_id: "jetty-cdi-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-client-9.4.56-2.1.x86_64", product: { name: "jetty-client-9.4.56-2.1.x86_64", product_id: "jetty-client-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-continuation-9.4.56-2.1.x86_64", product: { name: "jetty-continuation-9.4.56-2.1.x86_64", product_id: "jetty-continuation-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-deploy-9.4.56-2.1.x86_64", product: { name: "jetty-deploy-9.4.56-2.1.x86_64", product_id: "jetty-deploy-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-fcgi-9.4.56-2.1.x86_64", product: { name: "jetty-fcgi-9.4.56-2.1.x86_64", product_id: "jetty-fcgi-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-http-9.4.56-2.1.x86_64", product: { name: "jetty-http-9.4.56-2.1.x86_64", product_id: "jetty-http-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-http-spi-9.4.56-2.1.x86_64", product: { name: "jetty-http-spi-9.4.56-2.1.x86_64", product_id: "jetty-http-spi-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-io-9.4.56-2.1.x86_64", product: { name: "jetty-io-9.4.56-2.1.x86_64", product_id: "jetty-io-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-jaas-9.4.56-2.1.x86_64", product: { name: "jetty-jaas-9.4.56-2.1.x86_64", product_id: "jetty-jaas-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-jmx-9.4.56-2.1.x86_64", product: { name: "jetty-jmx-9.4.56-2.1.x86_64", product_id: "jetty-jmx-9.4.56-2.1.x86_64", }, }, { category: 
"product_version", name: "jetty-jndi-9.4.56-2.1.x86_64", product: { name: "jetty-jndi-9.4.56-2.1.x86_64", product_id: "jetty-jndi-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-jsp-9.4.56-2.1.x86_64", product: { name: "jetty-jsp-9.4.56-2.1.x86_64", product_id: "jetty-jsp-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-minimal-javadoc-9.4.56-2.1.x86_64", product: { name: "jetty-minimal-javadoc-9.4.56-2.1.x86_64", product_id: "jetty-minimal-javadoc-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-openid-9.4.56-2.1.x86_64", product: { name: "jetty-openid-9.4.56-2.1.x86_64", product_id: "jetty-openid-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-plus-9.4.56-2.1.x86_64", product: { name: "jetty-plus-9.4.56-2.1.x86_64", product_id: "jetty-plus-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-proxy-9.4.56-2.1.x86_64", product: { name: "jetty-proxy-9.4.56-2.1.x86_64", product_id: "jetty-proxy-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-quickstart-9.4.56-2.1.x86_64", product: { name: "jetty-quickstart-9.4.56-2.1.x86_64", product_id: "jetty-quickstart-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-rewrite-9.4.56-2.1.x86_64", product: { name: "jetty-rewrite-9.4.56-2.1.x86_64", product_id: "jetty-rewrite-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-security-9.4.56-2.1.x86_64", product: { name: "jetty-security-9.4.56-2.1.x86_64", product_id: "jetty-security-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-server-9.4.56-2.1.x86_64", product: { name: "jetty-server-9.4.56-2.1.x86_64", product_id: "jetty-server-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-servlet-9.4.56-2.1.x86_64", product: { name: "jetty-servlet-9.4.56-2.1.x86_64", product_id: "jetty-servlet-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: 
"jetty-servlets-9.4.56-2.1.x86_64", product: { name: "jetty-servlets-9.4.56-2.1.x86_64", product_id: "jetty-servlets-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-start-9.4.56-2.1.x86_64", product: { name: "jetty-start-9.4.56-2.1.x86_64", product_id: "jetty-start-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-util-9.4.56-2.1.x86_64", product: { name: "jetty-util-9.4.56-2.1.x86_64", product_id: "jetty-util-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-util-ajax-9.4.56-2.1.x86_64", product: { name: "jetty-util-ajax-9.4.56-2.1.x86_64", product_id: "jetty-util-ajax-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-webapp-9.4.56-2.1.x86_64", product: { name: "jetty-webapp-9.4.56-2.1.x86_64", product_id: "jetty-webapp-9.4.56-2.1.x86_64", }, }, { category: "product_version", name: "jetty-xml-9.4.56-2.1.x86_64", product: { name: "jetty-xml-9.4.56-2.1.x86_64", product_id: "jetty-xml-9.4.56-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.aarch64", }, product_reference: "jetty-annotations-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.ppc64le", }, product_reference: 
"jetty-annotations-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.s390x", }, product_reference: "jetty-annotations-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.x86_64", }, product_reference: "jetty-annotations-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.aarch64", }, product_reference: "jetty-ant-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.ppc64le", }, product_reference: "jetty-ant-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.s390x", }, product_reference: "jetty-ant-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.x86_64", }, product_reference: "jetty-ant-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", 
full_product_name: { name: "jetty-cdi-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.aarch64", }, product_reference: "jetty-cdi-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-cdi-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.ppc64le", }, product_reference: "jetty-cdi-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-cdi-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.s390x", }, product_reference: "jetty-cdi-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-cdi-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.x86_64", }, product_reference: "jetty-cdi-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-client-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.aarch64", }, product_reference: "jetty-client-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-client-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.ppc64le", }, product_reference: "jetty-client-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-client-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.s390x", 
}, product_reference: "jetty-client-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-client-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.x86_64", }, product_reference: "jetty-client-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.aarch64", }, product_reference: "jetty-continuation-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.ppc64le", }, product_reference: "jetty-continuation-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.s390x", }, product_reference: "jetty-continuation-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.x86_64", }, product_reference: "jetty-continuation-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.aarch64", }, product_reference: "jetty-deploy-9.4.56-2.1.aarch64", 
relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.ppc64le", }, product_reference: "jetty-deploy-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.s390x", }, product_reference: "jetty-deploy-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.x86_64", }, product_reference: "jetty-deploy-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.aarch64", }, product_reference: "jetty-fcgi-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.ppc64le", }, product_reference: "jetty-fcgi-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.s390x", }, product_reference: "jetty-fcgi-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-2.1.x86_64 
as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.x86_64", }, product_reference: "jetty-fcgi-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.aarch64", }, product_reference: "jetty-http-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.ppc64le", }, product_reference: "jetty-http-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.s390x", }, product_reference: "jetty-http-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.x86_64", }, product_reference: "jetty-http-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.aarch64", }, product_reference: "jetty-http-spi-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.ppc64le", }, product_reference: 
"jetty-http-spi-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.s390x", }, product_reference: "jetty-http-spi-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.x86_64", }, product_reference: "jetty-http-spi-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.aarch64", }, product_reference: "jetty-io-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.ppc64le", }, product_reference: "jetty-io-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.s390x", }, product_reference: "jetty-io-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.x86_64", }, product_reference: "jetty-io-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: 
"jetty-jaas-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.aarch64", }, product_reference: "jetty-jaas-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jaas-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.ppc64le", }, product_reference: "jetty-jaas-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jaas-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.s390x", }, product_reference: "jetty-jaas-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jaas-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.x86_64", }, product_reference: "jetty-jaas-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.aarch64", }, product_reference: "jetty-jmx-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.ppc64le", }, product_reference: "jetty-jmx-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.s390x", }, product_reference: 
"jetty-jmx-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.x86_64", }, product_reference: "jetty-jmx-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.aarch64", }, product_reference: "jetty-jndi-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.ppc64le", }, product_reference: "jetty-jndi-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.s390x", }, product_reference: "jetty-jndi-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.x86_64", }, product_reference: "jetty-jndi-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jsp-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.aarch64", }, product_reference: "jetty-jsp-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: 
"jetty-jsp-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.ppc64le", }, product_reference: "jetty-jsp-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jsp-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.s390x", }, product_reference: "jetty-jsp-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-jsp-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.x86_64", }, product_reference: "jetty-jsp-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.aarch64", }, product_reference: "jetty-minimal-javadoc-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.ppc64le", }, product_reference: "jetty-minimal-javadoc-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.s390x", }, product_reference: "jetty-minimal-javadoc-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-2.1.x86_64 as component of openSUSE 
Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.x86_64", }, product_reference: "jetty-minimal-javadoc-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-openid-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.aarch64", }, product_reference: "jetty-openid-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-openid-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.ppc64le", }, product_reference: "jetty-openid-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-openid-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.s390x", }, product_reference: "jetty-openid-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-openid-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.x86_64", }, product_reference: "jetty-openid-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.aarch64", }, product_reference: "jetty-plus-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.ppc64le", }, product_reference: 
"jetty-plus-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.s390x", }, product_reference: "jetty-plus-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.x86_64", }, product_reference: "jetty-plus-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.aarch64", }, product_reference: "jetty-proxy-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.ppc64le", }, product_reference: "jetty-proxy-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.s390x", }, product_reference: "jetty-proxy-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.x86_64", }, product_reference: "jetty-proxy-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: 
"jetty-quickstart-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.aarch64", }, product_reference: "jetty-quickstart-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-quickstart-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.ppc64le", }, product_reference: "jetty-quickstart-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-quickstart-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.s390x", }, product_reference: "jetty-quickstart-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-quickstart-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.x86_64", }, product_reference: "jetty-quickstart-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.aarch64", }, product_reference: "jetty-rewrite-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.ppc64le", }, product_reference: "jetty-rewrite-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", 
product_id: "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.s390x", }, product_reference: "jetty-rewrite-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.x86_64", }, product_reference: "jetty-rewrite-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.aarch64", }, product_reference: "jetty-security-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.ppc64le", }, product_reference: "jetty-security-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.s390x", }, product_reference: "jetty-security-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.x86_64", }, product_reference: "jetty-security-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.aarch64", }, product_reference: 
"jetty-server-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.ppc64le", }, product_reference: "jetty-server-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.s390x", }, product_reference: "jetty-server-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.x86_64", }, product_reference: "jetty-server-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.aarch64", }, product_reference: "jetty-servlet-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.ppc64le", }, product_reference: "jetty-servlet-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.s390x", }, product_reference: "jetty-servlet-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: 
"default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.x86_64", }, product_reference: "jetty-servlet-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.aarch64", }, product_reference: "jetty-servlets-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.ppc64le", }, product_reference: "jetty-servlets-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.s390x", }, product_reference: "jetty-servlets-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.x86_64", }, product_reference: "jetty-servlets-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.aarch64", }, product_reference: "jetty-start-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-2.1.ppc64le as component of 
openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.ppc64le", }, product_reference: "jetty-start-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.s390x", }, product_reference: "jetty-start-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.x86_64", }, product_reference: "jetty-start-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.aarch64", }, product_reference: "jetty-util-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.ppc64le", }, product_reference: "jetty-util-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.s390x", }, product_reference: "jetty-util-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.x86_64", }, product_reference: "jetty-util-9.4.56-2.1.x86_64", 
relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.aarch64", }, product_reference: "jetty-util-ajax-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.ppc64le", }, product_reference: "jetty-util-ajax-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.s390x", }, product_reference: "jetty-util-ajax-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.x86_64", }, product_reference: "jetty-util-ajax-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.aarch64", }, product_reference: "jetty-webapp-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.ppc64le", }, product_reference: "jetty-webapp-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: 
"default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.s390x", }, product_reference: "jetty-webapp-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.x86_64", }, product_reference: "jetty-webapp-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.aarch64", }, product_reference: "jetty-xml-9.4.56-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.ppc64le", }, product_reference: "jetty-xml-9.4.56-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.s390x", }, product_reference: "jetty-xml-9.4.56-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.x86_64", }, product_reference: "jetty-xml-9.4.56-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-8184", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-8184", }, ], notes: [ { category: 
"general", text: "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.aarch64", "openSUSE 
Tumbleweed:jetty-http-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.ppc64le", "openSUSE 
Tumbleweed:jetty-plus-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.ppc64le", "openSUSE 
Tumbleweed:jetty-util-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-8184", url: "https://www.suse.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "SUSE Bug 1231651 for CVE-2024-8184", url: "https://bugzilla.suse.com/1231651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.ppc64le", "openSUSE 
Tumbleweed:jetty-client-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.s390x", "openSUSE 
Tumbleweed:jetty-jndi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.s390x", "openSUSE 
Tumbleweed:jetty-server-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-annotations-9.4.56-2.1.x86_64", "openSUSE 
Tumbleweed:jetty-ant-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-ant-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-cdi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-client-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-continuation-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-deploy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-fcgi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-http-spi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-io-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.aarch64", "openSUSE 
Tumbleweed:jetty-jaas-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jaas-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jmx-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jndi-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-jsp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-openid-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-plus-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-proxy-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-quickstart-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.aarch64", "openSUSE 
Tumbleweed:jetty-rewrite-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-rewrite-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-security-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-server-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlet-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-servlets-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-start-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-util-ajax-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.aarch64", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-webapp-9.4.56-2.1.x86_64", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.aarch64", "openSUSE 
Tumbleweed:jetty-xml-9.4.56-2.1.ppc64le", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.s390x", "openSUSE Tumbleweed:jetty-xml-9.4.56-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-8184", }, ], }
suse-su-2024:3720-1
Vulnerability from csaf_suse
Published
2024-10-18 06:33
Modified
2024-10-18 06:33
Summary
Security update for jetty-minimal
Notes
Title of the patch
Security update for jetty-minimal
Description of the patch
This update for jetty-minimal fixes the following issues:
- CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote() (bsc#1231651).
Patchnames
SUSE-2024-3720,SUSE-SLE-Module-Development-Tools-15-SP5-2024-3720,SUSE-SLE-Module-Development-Tools-15-SP6-2024-3720,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3720,openSUSE-SLE-15.5-2024-3720,openSUSE-SLE-15.6-2024-3720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for jetty-minimal", title: "Title of the patch", }, { category: "description", text: "This update for jetty-minimal fixes the following issues:\n\n- CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote() (bsc#1231651).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-3720,SUSE-SLE-Module-Development-Tools-15-SP5-2024-3720,SUSE-SLE-Module-Development-Tools-15-SP6-2024-3720,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3720,openSUSE-SLE-15.5-2024-3720,openSUSE-SLE-15.6-2024-3720", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3720-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:3720-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20243720-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:3720-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019655.html", }, { category: "self", summary: "SUSE Bug 1231651", url: "https://bugzilla.suse.com/1231651", }, { category: "self", summary: "SUSE CVE 
CVE-2024-8184 page", url: "https://www.suse.com/security/cve/CVE-2024-8184/", }, ], title: "Security update for jetty-minimal", tracking: { current_release_date: "2024-10-18T06:33:56Z", generator: { date: "2024-10-18T06:33:56Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:3720-1", initial_release_date: "2024-10-18T06:33:56Z", revision_history: [ { date: "2024-10-18T06:33:56Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "jetty-annotations-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-annotations-9.4.56-150200.3.28.1.noarch", product_id: "jetty-annotations-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-ant-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-ant-9.4.56-150200.3.28.1.noarch", product_id: "jetty-ant-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-cdi-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-cdi-9.4.56-150200.3.28.1.noarch", product_id: "jetty-cdi-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-client-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-client-9.4.56-150200.3.28.1.noarch", product_id: "jetty-client-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-continuation-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-continuation-9.4.56-150200.3.28.1.noarch", product_id: "jetty-continuation-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-deploy-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-deploy-9.4.56-150200.3.28.1.noarch", product_id: "jetty-deploy-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-fcgi-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-fcgi-9.4.56-150200.3.28.1.noarch", product_id: 
"jetty-fcgi-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-http-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-http-9.4.56-150200.3.28.1.noarch", product_id: "jetty-http-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-http-spi-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-http-spi-9.4.56-150200.3.28.1.noarch", product_id: "jetty-http-spi-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-io-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-io-9.4.56-150200.3.28.1.noarch", product_id: "jetty-io-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-jaas-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-jaas-9.4.56-150200.3.28.1.noarch", product_id: "jetty-jaas-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-javax-websocket-client-impl-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-javax-websocket-client-impl-9.4.56-150200.3.28.2.noarch", product_id: "jetty-javax-websocket-client-impl-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-javax-websocket-server-impl-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-javax-websocket-server-impl-9.4.56-150200.3.28.2.noarch", product_id: "jetty-javax-websocket-server-impl-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-jmx-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-jmx-9.4.56-150200.3.28.1.noarch", product_id: "jetty-jmx-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-jndi-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-jndi-9.4.56-150200.3.28.1.noarch", product_id: "jetty-jndi-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-jsp-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-jsp-9.4.56-150200.3.28.1.noarch", product_id: "jetty-jsp-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", 
name: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", product_id: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-openid-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-openid-9.4.56-150200.3.28.1.noarch", product_id: "jetty-openid-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-plus-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-plus-9.4.56-150200.3.28.1.noarch", product_id: "jetty-plus-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-proxy-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-proxy-9.4.56-150200.3.28.1.noarch", product_id: "jetty-proxy-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-quickstart-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-quickstart-9.4.56-150200.3.28.1.noarch", product_id: "jetty-quickstart-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-rewrite-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-rewrite-9.4.56-150200.3.28.1.noarch", product_id: "jetty-rewrite-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-security-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-security-9.4.56-150200.3.28.1.noarch", product_id: "jetty-security-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-server-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-server-9.4.56-150200.3.28.1.noarch", product_id: "jetty-server-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-servlet-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-servlet-9.4.56-150200.3.28.1.noarch", product_id: "jetty-servlet-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-servlets-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-servlets-9.4.56-150200.3.28.1.noarch", 
product_id: "jetty-servlets-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-start-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-start-9.4.56-150200.3.28.1.noarch", product_id: "jetty-start-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-util-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-util-9.4.56-150200.3.28.1.noarch", product_id: "jetty-util-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", product_id: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-webapp-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-webapp-9.4.56-150200.3.28.1.noarch", product_id: "jetty-webapp-9.4.56-150200.3.28.1.noarch", }, }, { category: "product_version", name: "jetty-websocket-api-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-api-9.4.56-150200.3.28.2.noarch", product_id: "jetty-websocket-api-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-websocket-client-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-client-9.4.56-150200.3.28.2.noarch", product_id: "jetty-websocket-client-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-websocket-common-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-common-9.4.56-150200.3.28.2.noarch", product_id: "jetty-websocket-common-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-websocket-javadoc-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-javadoc-9.4.56-150200.3.28.2.noarch", product_id: "jetty-websocket-javadoc-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-websocket-server-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-server-9.4.56-150200.3.28.2.noarch", product_id: 
"jetty-websocket-server-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-websocket-servlet-9.4.56-150200.3.28.2.noarch", product: { name: "jetty-websocket-servlet-9.4.56-150200.3.28.2.noarch", product_id: "jetty-websocket-servlet-9.4.56-150200.3.28.2.noarch", }, }, { category: "product_version", name: "jetty-xml-9.4.56-150200.3.28.1.noarch", product: { name: "jetty-xml-9.4.56-150200.3.28.1.noarch", product_id: "jetty-xml-9.4.56-150200.3.28.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP6", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp6", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp6", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: 
"SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-io-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-security-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-server-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: 
"jetty-servlet-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlet-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 
15 SP6:jetty-io-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-io-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-security-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-server-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlet-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for 
Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-150200.3.28.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-continuation-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-annotations-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-annotations-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-ant-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-ant-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-cdi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-cdi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-cdi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", 
full_product_name: { name: "jetty-client-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-client-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-client-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-continuation-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-continuation-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-deploy-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-deploy-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-fcgi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-fcgi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-http-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-http-spi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-spi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 
15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-io-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-io-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-jaas-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-jaas-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jaas-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-jmx-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jmx-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-jndi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jndi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-jsp-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-jsp-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jsp-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: 
"openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-openid-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-openid-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-openid-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-plus-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-plus-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-proxy-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-proxy-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-quickstart-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-quickstart-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-quickstart-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-rewrite-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-rewrite-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-security-9.4.56-150200.3.28.1.noarch", }, product_reference: 
"jetty-security-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-server-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-server-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-server-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-servlet-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlet-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-servlets-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlets-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-start-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-start-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-util-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 
15.5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-webapp-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-webapp-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:jetty-xml-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-xml-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "jetty-annotations-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-annotations-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-annotations-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-ant-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-ant-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-ant-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-cdi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-cdi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-cdi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-client-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", 
product_id: "openSUSE Leap 15.6:jetty-client-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-client-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-continuation-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-continuation-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-continuation-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-deploy-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-deploy-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-deploy-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-fcgi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-fcgi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-fcgi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-http-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-http-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-http-spi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-http-spi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-http-spi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-io-9.4.56-150200.3.28.1.noarch 
as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-io-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-io-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-jaas-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-jaas-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jaas-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-jmx-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-jmx-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jmx-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-jndi-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-jndi-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jndi-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-jsp-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-jsp-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-jsp-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: 
"jetty-openid-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-openid-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-openid-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-plus-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-plus-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-plus-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-proxy-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-proxy-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-proxy-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-quickstart-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-quickstart-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-quickstart-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-rewrite-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-rewrite-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-rewrite-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-security-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-security-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-security-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: 
"default_component_of", full_product_name: { name: "jetty-server-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-server-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-server-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-servlet-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-servlet-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlet-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-servlets-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-servlets-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-servlets-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-start-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-start-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-start-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-util-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-util-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-util-ajax-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: 
"openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-webapp-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-webapp-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-webapp-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "jetty-xml-9.4.56-150200.3.28.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:jetty-xml-9.4.56-150200.3.28.1.noarch", }, product_reference: "jetty-xml-9.4.56-150200.3.28.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-8184", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-8184", }, ], notes: [ { category: "general", text: "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. 
By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 
15.5:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jmx-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-xml-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 
15.6:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jmx-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-xml-9.4.56-150200.3.28.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-8184", url: "https://www.suse.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "SUSE Bug 1231651 for CVE-2024-8184", url: "https://bugzilla.suse.com/1231651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux 
Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 
15.5:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jmx-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-xml-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jmx-9.4.56-150200.3.28.1.noarch", 
"openSUSE Leap 15.6:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-xml-9.4.56-150200.3.28.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for 
Development Tools 15 SP6:jetty-http-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-io-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-security-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-server-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jmx-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 
15.5:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.5:jetty-xml-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-annotations-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-ant-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-cdi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-client-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-continuation-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-deploy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-fcgi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-http-spi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-io-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jaas-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jmx-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jndi-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-jsp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-minimal-javadoc-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-openid-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-plus-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-proxy-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-quickstart-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-rewrite-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-security-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 
15.6:jetty-server-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlet-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-servlets-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-start-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-util-ajax-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-webapp-9.4.56-150200.3.28.1.noarch", "openSUSE Leap 15.6:jetty-xml-9.4.56-150200.3.28.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-10-18T06:33:56Z", details: "moderate", }, ], title: "CVE-2024-8184", }, ], }
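The SUSE record above names, per product, the package builds (name-version-release.arch, for example jetty-server-9.4.56-150200.3.28.1.noarch) that carry the fix under product_status.recommended, and its remediation text only says to apply the update. What an operator actually needs is a check that the installed build is at or past that one. The following Python is an added example, not part of the advisory or of SUSE's tooling: it consumes a cut-down record of the same shape, compares a host inventory against the recommended build using rpm's version-ordering rules (numeric and alphabetic runs, tilde sorting first), and reports which packages are still below the fix. The sample record, the inventory and the non-Jetty package in it are constructed for illustration; on a real host the inventory would come from rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'.

```python
"""Check an RPM host against a SUSE-style CSAF 2.0 advisory (added example)."""
import re
from typing import Dict, Tuple

FIXED = "9.4.56-150200.3.28.1"  # version-release of the fixed Jetty build in the record above
PKGS = ("jetty-server", "jetty-util", "jetty-util-ajax")
PRODUCT = "openSUSE Leap 15.6"

# Constructed sample: a cut-down record with the same field names and product_id
# format as the SUSE advisory above, keeping three of its packages.
SAMPLE_CSAF = {
    "product_tree": {"relationships": [
        {"category": "default_component_of",
         "full_product_name": {"product_id": f"{PRODUCT}:{p}-{FIXED}.noarch"},
         "product_reference": f"{p}-{FIXED}.noarch",
         "relates_to_product_reference": PRODUCT}
        for p in PKGS]},
    "vulnerabilities": [{
        "cve": "CVE-2024-8184",
        "product_status": {"recommended": [f"{PRODUCT}:{p}-{FIXED}.noarch" for p in PKGS]},
    }],
}

# Constructed host inventory, name -> 'version-release' as
# rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' would print it.
INSTALLED = {
    "jetty-server": "9.4.55-150200.3.25.1",  # one build behind the fix
    "jetty-util": "9.4.56-150200.3.28.1",    # already at the fixed build
    "apache2": "2.4.58-150600.5.3.1",        # not part of this advisory
}

_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings the way rpm does: split into numeric and
    alphabetic runs, numbers compare numerically and beat letters, a longer string wins
    unless the extra part starts with '~', which sorts before everything (1.0~rc1 < 1.0)."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for x, y in zip(ta, tb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(ta) == len(tb):
        return 0
    longer, sign = (ta, 1) if len(ta) > len(tb) else (tb, -1)
    return -sign if longer[min(len(ta), len(tb))] == "~" else sign


def parse_nvra(nvra: str) -> Tuple[str, str, str]:
    """Split 'name-version-release.arch' into (name, version, release)."""
    nvr, _arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def fixed_builds(csaf: dict, cve: str) -> Dict[Tuple[str, str], Tuple[str, str]]:
    """Map (product, package name) -> (version, release) the advisory recommends for cve."""
    rels = {r["full_product_name"]["product_id"]: r for r in csaf["product_tree"]["relationships"]}
    out: Dict[Tuple[str, str], Tuple[str, str]] = {}
    for vuln in csaf["vulnerabilities"]:
        if vuln["cve"] != cve:
            continue
        for pid in vuln.get("product_status", {}).get("recommended", []):
            rel = rels[pid]
            name, version, release = parse_nvra(rel["product_reference"])
            out[(rel["relates_to_product_reference"], name)] = (version, release)
    return out


def audit(csaf: dict, cve: str, product: str, installed: Dict[str, str]) -> Dict[str, str]:
    """Classify each installed package as 'fixed', 'vulnerable' or 'not covered by advisory'.
    The release is only compared when the versions tie, as rpm itself does."""
    fixed = fixed_builds(csaf, cve)
    verdict: Dict[str, str] = {}
    for name, vr in installed.items():
        target = fixed.get((product, name))
        if target is None:
            verdict[name] = "not covered by advisory"
            continue
        version, release = vr.rsplit("-", 1)
        order = rpmvercmp(version, target[0]) or rpmvercmp(release, target[1])
        verdict[name] = "fixed" if order >= 0 else "vulnerable"
    return verdict


if __name__ == "__main__":
    for pkg, state in audit(SAMPLE_CSAF, "CVE-2024-8184", PRODUCT, INSTALLED).items():
        print(f"{pkg:14} {state}")
```

Note that the comparison key is the whole version-release pair: a host at 9.4.56 with an older distribution release than 150200.3.28.1 is still reported as vulnerable, which is the right call because the SUSE fix lives in the release bump, not in the upstream version number.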
ncsc-2025-0123
Vulnerability from csaf_ncscnl
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Vulnerabilities fixed in Oracle Database products
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Facts
Oracle has fixed vulnerabilities in various Oracle Database products and subsystems, such as Oracle Server, NoSQL, TimesTen, Secure Backup and Essbase.
Interpretations
The vulnerabilities allow unauthenticated attackers to cause a denial of service, or to gain unauthorized access to sensitive data and to manipulate data. Subcomponents such as the RDBMS Listener, the Java VM and others are specifically affected, with CVSS scores ranging from 5.3 to 7.5, indicating moderate to high risk.
Solutions
Oracle has released updates to fix the vulnerabilities. See the attached references for more information.
Likelihood
medium
Damage
high
CWE-385: Covert Timing Channel
CWE-347: Improper Verification of Cryptographic Signature
CWE-1286: Improper Validation of Syntactic Correctness of Input
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-400: Uncontrolled Resource Consumption
CWE-502: Deserialization of Untrusted Data
CWE-918: Server-Side Request Forgery (SSRF)
CWE-787: Out-of-bounds Write
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-44: Path Equivalence: 'file.name' (Internal Dot)
CWE-226: Sensitive Information in Resource Not Removed Before Reuse
CWE-706: Use of Incorrectly-Resolved Name or Reference
CWE-669: Incorrect Resource Transfer Between Spheres
CWE-755: Improper Handling of Exceptional Conditions
CWE-178: Improper Handling of Case Sensitivity
CWE-193: Off-by-one Error
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-523: Unprotected Transport of Credentials
CWE-190: Integer Overflow or Wraparound
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-285: Improper Authorization
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-284: Improper Access Control
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476: NULL Pointer Dereference
CWE-459: Incomplete Cleanup
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-674: Uncontrolled Recursion
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-122: Heap-based Buffer Overflow
CWE-121: Stack-based Buffer Overflow
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-269: Improper Privilege Management
CWE-287: Improper Authentication
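The raw CSAF record that follows does not list CVEs per product; instead its product_tree identifies affected Oracle versions with vers: range strings (for example vers:oracle/>=19.3|<=19.26, vers:unknown/22.1 and the placeholder vers:unknown/none), each tied to a CSAFPID. To answer "is my 19.x Database Server in scope?" you have to evaluate those ranges. The following Python is an added example, not NCSC's code: it parses vers strings in the vers version-range notation (scheme after vers:, '|'-separated constraints with the comparators =, !=, <, <=, >, >=, a bare value meaning equality and '*' meaning any version), decides whether a dotted version is inside the range, and walks a cut-down copy of the product tree to list the CSAFPIDs that match. It assumes purely numeric dotted versions, right-padded with zeros for comparison; the sample tree reproduces only a few branches of the record, without the cpe helpers, and the range evaluation generalizes beyond the two-sided intervals the record uses.

```python
"""Evaluate the vers: version ranges used in the NCSC CSAF product tree (added example)."""
import re
from typing import List, Tuple

Version = Tuple[int, ...]
Constraint = Tuple[str, Version]
_COMPARATORS = ("!=", ">=", "<=", "=", ">", "<")  # two-character forms first


def parse_version(text: str) -> Version:
    """'19.26.0.0.250219' -> (19, 26, 0, 0, 250219); rejects placeholders such as 'none'."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version literal: {text!r}")
    return tuple(int(p) for p in text.split("."))


def _cmp(a: Version, b: Version) -> int:
    """-1/0/1 ordering; the shorter tuple is right-padded with zeros so 19.26 == 19.26.0.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def parse_vers(vers: str) -> Tuple[str, List[Constraint]]:
    """Split 'vers:<scheme>/<c1>|<c2>...' into the scheme and its (comparator, version)
    constraints sorted by version; a bare value means '=' and '*' means any version."""
    if not vers.startswith("vers:") or "/" not in vers:
        raise ValueError(f"not a vers string: {vers!r}")
    scheme, _, spec = vers[len("vers:"):].partition("/")
    constraints: List[Constraint] = []
    for raw in spec.split("|"):
        raw, op = raw.strip(), "="
        if raw == "*":
            constraints.append(("*", ()))
            continue
        for cand in _COMPARATORS:
            if raw.startswith(cand):
                op, raw = cand, raw[len(cand):]
                break
        constraints.append((op, parse_version(raw)))
    constraints.sort(key=lambda c: c[1])
    return scheme, constraints


def contains(vers: str, version: str) -> bool:
    """vers containment: '*' matches all; an exact hit on an =, <= or >= constraint is in
    and on a != constraint is out; otherwise an open lower/upper bound or an enclosing
    (lower, upper) pair of bounds decides."""
    _, cons = parse_vers(vers)
    v = parse_version(version)
    if any(op == "*" for op, _ in cons):
        return True
    if any(op in ("=", "<=", ">=") and _cmp(v, cv) == 0 for op, cv in cons):
        return True
    if any(op == "!=" and _cmp(v, cv) == 0 for op, cv in cons):
        return False
    bounds = [(op, cv) for op, cv in cons if op not in ("=", "!=")]
    if not bounds:
        return False
    if bounds[0][0] in ("<", "<=") and _cmp(v, bounds[0][1]) < 0:
        return True
    if bounds[-1][0] in (">", ">=") and _cmp(v, bounds[-1][1]) > 0:
        return True
    for (lo_op, lo), (hi_op, hi) in zip(bounds, bounds[1:]):
        if lo_op in (">", ">=") and hi_op in ("<", "<=") and _cmp(v, lo) > 0 and _cmp(v, hi) < 0:
            return True
    return False


# Constructed sample reproducing a few branches of the NCSC product_tree below (cpe
# helpers omitted); the names, vers strings and CSAFPIDs are the record's own.
def _range(vers: str, pid: str) -> dict:
    return {"category": "product_version_range", "name": vers,
            "product": {"name": vers, "product_id": pid}}


SAMPLE_TREE = {"branches": [
    {"category": "product_family", "name": "Oracle Database Server", "branches": [
        {"category": "product_name", "name": "Oracle Database Server", "branches": [
            _range("vers:oracle/>=19.3|<=19.26", "CSAFPID-2698969"),
            _range("vers:oracle/>=21.3|<=21.17", "CSAFPID-2698968")]}]},
    {"category": "product_name", "name": "Database Server", "branches": [
        _range("vers:unknown/22.1", "CSAFPID-1304603")]},
    {"category": "product_name", "name": "Big Data Spatial and Graph", "branches": [
        _range("vers:unknown/none", "CSAFPID-1237603")]},
]}


def affected_product_ids(tree: dict, product_name: str, version: str) -> List[str]:
    """Return the CSAFPIDs under product_name whose range contains version; ranges that
    cannot be evaluated (vers:unknown/none) are skipped rather than guessed."""
    hits: List[str] = []

    def walk(node: dict, under: bool) -> None:
        under = under or (node.get("category") == "product_name" and node.get("name") == product_name)
        if under and node.get("category") == "product_version_range":
            try:
                if contains(node["name"], version):
                    hits.append(node["product"]["product_id"])
            except ValueError:
                pass  # unusable range: leave it for manual review
        for child in node.get("branches", []):
            walk(child, under)

    walk(tree, False)
    return hits


if __name__ == "__main__":
    print(affected_product_ids(SAMPLE_TREE, "Oracle Database Server", "19.20"))  # ['CSAFPID-2698969']
```

Two caveats when applying this to the real record: the scheme after vers: (oracle versus unknown) is carried through but not used for ordering, which is acceptable for Oracle's numeric release strings but not for schemes with letters or epochs; and a product whose only range is vers:unknown/none is reported as no hit, so such entries still need a human to read the Oracle advisory rather than being silently treated as unaffected.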
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Oracle Database Producten en subsystemen, zoals Oracle Server, NoSQL, TimesTen, Secure Backup en Essbase.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om een Denial-of-Service te veroorzaken of om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en gegevens te manipuleren. 
Subcomponenten als de RDBMS Listener, Java VM, en andere componenten zijn specifiek kwetsbaar, met CVSS-scores variërend van 5.3 tot 7.5, wat duidt op een gematigd tot hoog risico.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Path Equivalence: 'file.name' (Internal Dot)", title: "CWE-44", }, { category: "general", text: "Sensitive Information in Resource Not Removed Before Reuse", title: "CWE-226", }, { category: "general", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: 
"CWE-755", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Off-by-one Error", title: "CWE-193", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Unprotected Transport of Credentials", title: "CWE-523", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", title: "CWE-614", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: 
"general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpuapr2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database Producten", tracking: { current_release_date: "2025-04-16T08:37:39.412900Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0123", initial_release_date: "2025-04-16T08:37:39.412900Z", revision_history: [ { date: "2025-04-16T08:37:39.412900Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/22.1", product: { name: "vers:unknown/22.1", product_id: "CSAFPID-1304603", }, }, ], category: "product_name", name: "Database Server", }, { branches: [ { category: "product_version_range", name: "vers:unknown/13.5.0.0", product: { name: "vers:unknown/13.5.0.0", product_id: "CSAFPID-1201359", }, }, ], category: "product_name", name: "Enterprise Manager for Oracle Database", }, { branches: [ { category: "product_version_range", name: "vers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219", product: { name: "vers:unknown/>=19.1.0.0.0|<=19.26.0.0.250219", product_id: "CSAFPID-2698376", }, }, { category: "product_version_range", name: "vers:unknown/>=21.3|<=21.17", product: { name: 
"vers:unknown/>=21.3|<=21.17", product_id: "CSAFPID-2698377", }, }, ], category: "product_name", name: "GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/23.1", product: { name: "vers:oracle/23.1", product_id: "CSAFPID-1238473", }, }, { category: "product_version_range", name: "vers:unknown/2.0", product: { name: "vers:unknown/2.0", product_id: "CSAFPID-1237753", }, }, { category: "product_version_range", name: "vers:unknown/20.2", product: { name: "vers:unknown/20.2", product_id: "CSAFPID-1238475", }, }, { category: "product_version_range", name: "vers:unknown/23.1", product: { name: "vers:unknown/23.1", product_id: "CSAFPID-1296375", }, }, { category: "product_version_range", name: "vers:unknown/none", product: { name: "vers:unknown/none", product_id: "CSAFPID-1237603", }, }, ], category: "product_name", name: "Big Data Spatial and Graph", }, ], category: "product_family", name: "Oracle", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.3|<=19.22", product: { name: "vers:oracle/>=19.3|<=19.22", product_id: "CSAFPID-1145825", }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.13", product: { name: "vers:oracle/>=21.3|<=21.13", product_id: "CSAFPID-1145826", }, }, ], category: "product_name", name: "Oracle Database Server", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.3|<=19.26", product: { name: "vers:oracle/>=19.3|<=19.26", product_id: "CSAFPID-2698969", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.26:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.17", product: { name: "vers:oracle/>=21.3|<=21.17", product_id: "CSAFPID-2698968", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.17:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.4|<=21.16", product: { name: 
"vers:oracle/>=21.4|<=21.16", product_id: "CSAFPID-1839905", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_workload_manager:21.4-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.7", product: { name: "vers:oracle/>=23.4|<=23.7", product_id: "CSAFPID-2698934", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.7:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Database Server", }, ], category: "product_family", name: "Oracle Database Server", }, { branches: [ { category: "product_version_range", name: "vers:oracle/13.5.0.0", product: { name: "vers:oracle/13.5.0.0", product_id: "CSAFPID-1144644", }, }, ], category: "product_name", name: "Oracle Enterprise Manager for Oracle Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/1.5.0", product: { name: "vers:oracle/1.5.0", product_id: "CSAFPID-2699002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/1.6.0", product: { name: "vers:oracle/1.6.0", product_id: "CSAFPID-2699003", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/1.6.1", product: { name: "vers:oracle/1.6.1", product_id: "CSAFPID-2699004", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.6.1:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle NoSQL Database", }, ], category: "product_family", name: "Oracle NoSQL Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=22.1.1.1.0|<=22.1.1.30.0", product: { name: "vers:oracle/>=22.1.1.1.0|<=22.1.1.30.0", product_id: "CSAFPID-2699053", product_identification_helper: { cpe: 
"cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1.1.0-22.1.1.30.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle TimesTen In-Memory Database", }, ], category: "product_family", name: "Oracle TimesTen In-Memory Database", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/25.1.0", product: { name: "vers:oracle/25.1.0", product_id: "CSAFPID-2698932", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:25.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/25.2.0", product: { name: "vers:oracle/25.2.0", product_id: "CSAFPID-2698931", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:25.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.8.0|<=23.11.0", product: { name: "vers:oracle/>=23.8.0|<=23.11.0", product_id: "CSAFPID-2698930", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.8.0-23.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=24.1.0|<=24.11.0", product: { name: "vers:oracle/>=24.1.0|<=24.11.0", product_id: "CSAFPID-2698933", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:24.1.0-24.11.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Autonomous Health Framework", }, ], category: "product_family", name: "Oracle Autonomous Health Framework", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/21.7.1.0.0", product: { name: "vers:oracle/21.7.1.0.0", product_id: "CSAFPID-2698943", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.7.1.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Essbase", }, ], category: "product_family", name: "Oracle Essbase", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.10", product: { 
name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.10", product_id: "CSAFPID-2698949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.10:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "GoldenGate Stream Analytics", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.26.0.0.250219", product_id: "CSAFPID-2698941", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.26.0.0.250219:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3|<=21.17", product: { name: "vers:oracle/>=21.3|<=21.17", product_id: "CSAFPID-2698942", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.17:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.7", product: { name: "vers:oracle/>=23.4|<=23.7", product_id: "CSAFPID-2699022", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4-23.7:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.18", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.18", product_id: "CSAFPID-1839977", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=21.3.0.0.0|<=21.16.0.0.0", product: { name: "vers:oracle/>=21.3.0.0.0|<=21.16.0.0.0", product_id: "CSAFPID-1840034", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/>=23.4|<=23.6", product: { name: "vers:oracle/>=23.4|<=23.6", product_id: "CSAFPID-1840035", 
product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle GoldenGate Big Data and Application Adapters", }, ], category: "product_family", name: "Oracle GoldenGate", }, { branches: [ { category: "product_version_range", name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.7", product: { name: "vers:oracle/>=19.1.0.0.0|<=19.1.0.0.7", product_id: "CSAFPID-1144602", }, }, ], category: "product_name", name: "Oracle GoldenGate Stream Analytics", }, { branches: [ { category: "product_version_range", name: "vers:oracle/<23.1", product: { name: "vers:oracle/<23.1", product_id: "CSAFPID-1145800", }, }, { category: "product_version_range", name: "vers:unknown/2.0", product: { name: "vers:unknown/2.0", product_id: "CSAFPID-356315", product_identification_helper: { cpe: "cpe:2.3:a:ibm:oracle_big_data_spatial_and_graph:2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:unknown/23.1", product: { name: "vers:unknown/23.1", product_id: "CSAFPID-356152", }, }, ], category: "product_name", name: "Big Data Spatial and Graph", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/23.4.3", product: { name: "vers:oracle/23.4.3", product_id: "CSAFPID-2699065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/24.3.0", product: { name: "vers:oracle/24.3.0", product_id: "CSAFPID-2699066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/23.4.4", product: { name: "vers:oracle/23.4.4", product_id: "CSAFPID-1840017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/24.4.0", 
product: { name: "vers:oracle/24.4.0", product_id: "CSAFPID-1840013", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Graph Server and Client", }, ], category: "product_family", name: "Oracle Graph Server and Client", }, { branches: [ { category: "product_version_range", name: "vers:oracle/<=22.4.7", product: { name: "vers:oracle/<=22.4.7", product_id: "CSAFPID-1145419", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:22.4.7_and_prior:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/<=23.4.2", product: { name: "vers:oracle/<=23.4.2", product_id: "CSAFPID-1145421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:23.4.2_and_prior:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/<=24.1.0", product: { name: "vers:oracle/<=24.1.0", product_id: "CSAFPID-1145422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graph_server_and_client:24.1.0_and_prior:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Graph Server and Client", }, { branches: [ { category: "product_version_range", name: "vers:oracle/3.0.6", product: { name: "vers:oracle/3.0.6", product_id: "CSAFPID-1145420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:big_data_spatial_and_graph:3.0.6:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Big Data Spatial and Graph", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:oracle/12.1.0.1", product: { name: "vers:oracle/12.1.0.1", product_id: "CSAFPID-2699109", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:12.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/12.1.0.2", product: { name: "vers:oracle/12.1.0.2", product_id: "CSAFPID-2699107", product_identification_helper: { cpe: 
"cpe:2.3:a:oracle:secure_backup:12.1.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/12.1.0.3", product: { name: "vers:oracle/12.1.0.3", product_id: "CSAFPID-2699106", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:12.1.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.0", product: { name: "vers:oracle/18.1.0.0", product_id: "CSAFPID-2699110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.1", product: { name: "vers:oracle/18.1.0.1", product_id: "CSAFPID-2698972", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_version_range", name: "vers:oracle/18.1.0.2", product: { name: "vers:oracle/18.1.0.2", product_id: "CSAFPID-2699108", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "Oracle Secure Backup", }, ], category: "product_family", name: "Oracle Secure Backup", }, ], category: "vendor", name: "Oracle", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:semver/19.3|<=19.26", product: { name: "vers:semver/19.3|<=19.26", product_id: "CSAFPID-2698485", }, }, { category: "product_version_range", name: "vers:semver/21.3|<=21.17", product: { name: "vers:semver/21.3|<=21.17", product_id: "CSAFPID-2698486", }, }, { category: "product_version_range", name: "vers:semver/23.4|<=23.7", product: { name: "vers:semver/23.4|<=23.7", product_id: "CSAFPID-2698487", }, }, ], category: "product_name", name: "Oracle Database Server", }, { branches: [ { category: "product_version_range", name: "vers:semver/12.1.0.1", product: { name: "vers:semver/12.1.0.1", product_id: "CSAFPID-2698463", }, }, { category: "product_version_range", name: "vers:semver/12.1.0.2", product: { name: 
"vers:semver/12.1.0.2", product_id: "CSAFPID-2698464", }, }, { category: "product_version_range", name: "vers:semver/12.1.0.3", product: { name: "vers:semver/12.1.0.3", product_id: "CSAFPID-2698465", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.0", product: { name: "vers:semver/18.1.0.0", product_id: "CSAFPID-2698466", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.1", product: { name: "vers:semver/18.1.0.1", product_id: "CSAFPID-2698467", }, }, { category: "product_version_range", name: "vers:semver/18.1.0.2", product: { name: "vers:semver/18.1.0.2", product_id: "CSAFPID-2698468", }, }, ], category: "product_name", name: "Oracle Secure Backup", }, ], category: "vendor", name: "Oracle Corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1935", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", 
"CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-1935", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1935.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-1935", }, { cve: "CVE-2020-1938", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, { category: "other", text: "Improper Input Validation", title: 
"CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-1938", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1938.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", 
"CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-1938", }, { cve: "CVE-2020-9484", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, 
references: [ { category: "self", summary: "CVE-2020-9484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-9484.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-9484", }, { cve: "CVE-2020-11996", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", 
"CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-11996", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11996.json", }, ], title: "CVE-2020-11996", }, { cve: "CVE-2020-13935", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", 
"CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-13935", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13935.json", }, ], title: "CVE-2020-13935", }, { cve: "CVE-2020-13943", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-13943", url: 
"https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13943.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-13943", }, { cve: "CVE-2020-36843", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", 
"CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2020-36843", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36843.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", 
"CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2020-36843", }, { cve: "CVE-2021-24122", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-24122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24122.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-24122", }, { cve: "CVE-2021-25122", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", 
"CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-25122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25122.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", 
"CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-25122", }, { cve: "CVE-2021-25329", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-25329", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-25329.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", 
"CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-25329", }, { cve: "CVE-2021-30640", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", 
"CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-30640", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-30640.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-30640", }, { cve: "CVE-2021-33037", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: 
"CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-33037", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33037.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", 
"CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-33037", }, { cve: "CVE-2021-41079", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", 
"CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-41079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41079.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-41079", }, { cve: "CVE-2021-41184", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", 
"CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-41184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", 
"CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-41184", }, { cve: "CVE-2021-42575", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-42575", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-42575.json", }, ], title: "CVE-2021-42575", }, { cve: "CVE-2021-43980", cwe: { id: 
"CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2021-43980", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-43980.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", 
"CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2021-43980", }, { cve: "CVE-2022-3786", cwe: { id: "CWE-193", name: "Off-by-one Error", }, notes: [ { category: "other", text: "Off-by-one Error", title: "CWE-193", }, { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", 
"CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-3786", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-3786.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-3786", }, { cve: "CVE-2022-25762", cwe: { id: 
"CWE-226", name: "Sensitive Information in Resource Not Removed Before Reuse", }, notes: [ { category: "other", text: "Sensitive Information in Resource Not Removed Before Reuse", title: "CWE-226", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-25762", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25762.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", 
"CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-25762", }, { cve: "CVE-2022-42252", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", 
"CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2022-42252", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42252.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2022-42252", }, { cve: 
"CVE-2023-28708", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Unprotected Transport of Credentials", title: "CWE-523", }, { category: "other", text: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", title: "CWE-614", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-28708", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28708.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", 
"CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-28708", }, { cve: "CVE-2023-34053", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", 
"CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-34053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34053.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-34053", }, { cve: "CVE-2023-41080", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { 
category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-41080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41080.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", 
"CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-41080", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", 
"CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-42795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", 
"CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", 
"CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, 
references: [ { category: "self", summary: "CVE-2023-45648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", 
"CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", 
"CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2024-6763", cwe: { id: "CWE-1286", name: "Improper Validation of Syntactic Correctness of Input", }, notes: [ { category: "other", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-6763", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json", }, ], title: 
"CVE-2024-6763", }, { cve: "CVE-2024-8176", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-8176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8176.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", 
"CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-8176", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", 
"CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-8184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-8184", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: 
[ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-11053", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", 
"CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", 
"CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11053", }, { cve: "CVE-2024-11233", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11233", url: 
"https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11233.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11233", }, { cve: "CVE-2024-11234", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ 
"CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", 
"CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11234", }, { cve: "CVE-2024-11236", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", 
"CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-11236", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11236.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-11236", }, { cve: "CVE-2024-13176", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, notes: [ { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", 
"CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-13176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-13176.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", 
"CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-13176", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ 
"CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", 
"CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", 
"CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-36114", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-36114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", 
"CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-36114", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", 
"CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted 
Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", 
"CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", 
"CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: 
"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", 
"CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", 
"CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-39338", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39338.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, ], title: "CVE-2024-39338", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { 
category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", "CSAFPID-2698377", "CSAFPID-2698949", "CSAFPID-2698941", "CSAFPID-2698942", "CSAFPID-2699022", "CSAFPID-1839977", "CSAFPID-1840034", "CSAFPID-1840035", "CSAFPID-1144602", "CSAFPID-1238473", "CSAFPID-1145800", "CSAFPID-356315", "CSAFPID-1237753", "CSAFPID-1238475", "CSAFPID-1296375", "CSAFPID-356152", "CSAFPID-1237603", "CSAFPID-2699065", "CSAFPID-2699066", "CSAFPID-1840017", "CSAFPID-1840013", "CSAFPID-1145419", "CSAFPID-1145421", "CSAFPID-1145422", "CSAFPID-1145420", "CSAFPID-2699109", "CSAFPID-2699107", "CSAFPID-2699106", "CSAFPID-2699110", "CSAFPID-2698972", "CSAFPID-2699108", "CSAFPID-2698463", "CSAFPID-2698464", "CSAFPID-2698465", "CSAFPID-2698466", "CSAFPID-2698467", "CSAFPID-2698468", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1304603", "CSAFPID-1201359", "CSAFPID-1145825", "CSAFPID-2698969", "CSAFPID-1145826", "CSAFPID-2698968", "CSAFPID-1839905", "CSAFPID-2698934", "CSAFPID-1144644", "CSAFPID-2699002", "CSAFPID-2699003", "CSAFPID-2699004", "CSAFPID-2699053", "CSAFPID-2698485", "CSAFPID-2698486", "CSAFPID-2698487", "CSAFPID-2698932", "CSAFPID-2698931", "CSAFPID-2698930", "CSAFPID-2698933", "CSAFPID-2698943", "CSAFPID-2698376", 
wid-sec-w-2024-3176
Vulnerability from csaf_certbund
Published
2024-10-14 22:00
Modified
2024-12-19 23:00
Summary
Eclipse Jetty: Multiple vulnerabilities
Notes
The BSI, as the provider of its own content made available for use, is responsible for it under the general laws. Users, however, are responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.
Product description
Eclipse Jetty is a Java HTTP server and Java servlet container.
Attack
A remote anonymous or authenticated attacker can exploit multiple vulnerabilities in Eclipse Jetty to cause a denial of service and to manipulate data.
Affected operating systems
- Other
- UNIX
- Windows
{ document: { aggregate_severity: { text: "medium", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "The BSI, as the provider of its own content made available for use, is responsible for it under the general laws. Users, however, are responsible for carefully checking the use and/or implementation of the information provided with the content in each individual case.", }, { category: "description", text: "Eclipse Jetty is a Java HTTP server and Java servlet container.", title: "Product description", }, { category: "summary", text: "A remote anonymous or authenticated attacker can exploit multiple vulnerabilities in Eclipse Jetty to cause a denial of service and to manipulate data.", title: "Attack", }, { category: "general", text: "- Other\n- UNIX\n- Windows", title: "Affected operating systems", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3176 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3176.json", }, { category: "self", summary: "WID-SEC-2024-3176 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3176", }, { category: "external", summary: "Jetty Advisory of 2024-10-14", url: "https://www.eclipse.org//lists/jetty-announce/msg00193.html", }, { category: "external", summary: "Jetty Advisory of 2024-10-14", url: "https://www.eclipse.org//lists/jetty-announce/msg00194.html", }, { category: "external", summary: "GitHub Advisory of 2024-10-14", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh", }, { category: "external", 
summary: "SUSE Security Update SUSE-SU-2024:3720-1 of 2024-10-18", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O3QVMQNMY7KSISCQZHRID4KVIGDCRX47/", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14408-1 of 2024-10-19", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9571 of 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "IBM Security Bulletin 7176904 of 2024-12-06", url: "https://www.ibm.com/support/pages/node/7176904", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:11023 of 2024-12-12", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2702 of 2024-12-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2702.html", }, ], source_lang: "en-US", title: "Eclipse Jetty: Multiple vulnerabilities", tracking: { current_release_date: "2024-12-19T23:00:00.000+00:00", generator: { date: "2024-12-20T09:13:42.053+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3176", initial_release_date: "2024-10-14T22:00:00.000+00:00", revision_history: [ { date: "2024-10-14T22:00:00.000+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-17T22:00:00.000+00:00", number: "2", summary: "New updates from SUSE added", }, { date: "2024-10-20T22:00:00.000+00:00", number: "3", summary: "New updates from openSUSE added", }, { date: "2024-11-13T23:00:00.000+00:00", number: "4", summary: "New updates from Red Hat added", }, { date: "2024-12-05T23:00:00.000+00:00", number: "5", summary: "New updates from IBM added", }, { date: "2024-12-12T23:00:00.000+00:00", number: "6", summary: "New updates from Red Hat added", }, { date: 
"2024-12-19T23:00:00.000+00:00", number: "7", summary: "New updates from Amazon added", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<12.0.9", product: { name: "Eclipse Jetty <12.0.9", product_id: "T038318", }, }, { category: "product_version", name: "12.0.9", product: { name: "Eclipse Jetty 12.0.9", product_id: "T038318-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:12.0.9", }, }, }, { category: "product_version_range", name: "<10.0.24", product: { name: "Eclipse Jetty <10.0.24", product_id: "T038319", }, }, { category: "product_version", name: "10.0.24", product: { name: "Eclipse Jetty 10.0.24", product_id: "T038319-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:10.0.24", }, }, }, { category: "product_version_range", name: "<11.0.24", product: { name: "Eclipse Jetty <11.0.24", product_id: "T038320", }, }, { category: "product_version", name: "11.0.24", product: { name: "Eclipse Jetty 11.0.24", product_id: "T038320-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:11.0.24", }, }, }, { category: "product_version_range", name: "<9.4.56", product: { name: "Eclipse Jetty <9.4.56", product_id: "T038321", }, }, { category: "product_version", name: "9.4.56", product: { name: "Eclipse Jetty 9.4.56", product_id: "T038321-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:9.4.56", }, }, }, { category: "product_version_range", name: "<12.0.3", product: { name: "Eclipse Jetty <12.0.3", product_id: "T038322", }, }, { category: "product_version", name: "12.0.3", product: { name: "Eclipse Jetty 12.0.3", product_id: "T038322-fixed", product_identification_helper: { 
cpe: "cpe:/a:eclipse:jetty:12.0.3", }, }, }, { category: "product_version_range", name: "<9.4.54", product: { name: "Eclipse Jetty <9.4.54", product_id: "T038323", }, }, { category: "product_version", name: "9.4.54", product: { name: "Eclipse Jetty 9.4.54", product_id: "T038323-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:9.4.54", }, }, }, { category: "product_version_range", name: "<10.0.18", product: { name: "Eclipse Jetty <10.0.18", product_id: "T038324", }, }, { category: "product_version", name: "10.0.18", product: { name: "Eclipse Jetty 10.0.18", product_id: "T038324-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:10.0.18", }, }, }, { category: "product_version_range", name: "<11.0.18", product: { name: "Eclipse Jetty <11.0.18", product_id: "T038325", }, }, { category: "product_version", name: "11.0.18", product: { name: "Eclipse Jetty 11.0.18", product_id: "T038325-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:11.0.18", }, }, }, { category: "product_version_range", name: "<12.0.4", product: { name: "Eclipse Jetty <12.0.4", product_id: "T038326", }, }, { category: "product_version", name: "12.0.4", product: { name: "Eclipse Jetty 12.0.4", product_id: "T038326-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:12.0.4", }, }, }, { category: "product_version_range", name: "<12.0.12", product: { name: "Eclipse Jetty <12.0.12", product_id: "T038327", }, }, { category: "product_version", name: "12.0.12", product: { name: "Eclipse Jetty 12.0.12", product_id: "T038327-fixed", product_identification_helper: { cpe: "cpe:/a:eclipse:jetty:12.0.12", }, }, }, ], category: "product_name", name: "Jetty", }, ], category: "vendor", name: "Eclipse", }, { branches: [ { branches: [ { category: "product_version", name: "11.7", product: { name: "IBM InfoSphere Information Server 11.7", product_id: "444803", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_information_server:11.7", }, }, }, 
], category: "product_name", name: "InfoSphere Information Server", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2024-6762", notes: [ { category: "description", text: "A vulnerability exists in Eclipse Jetty. It affects the Jetty PushSessionCacheFilter and allows memory exhaustion. A remote, authenticated attacker can exploit this vulnerability to cause a denial-of-service condition.", }, ], product_status: { known_affected: [ "T002207", "67646", "444803", "T027843", "T038324", "T038325", "398363", "T038326", "T038322", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-6762", }, { cve: "CVE-2024-6763", notes: [ { category: "description", text: "A vulnerability exists in Eclipse Jetty. The flaw lies in the HttpURI class when it is used as a utility class in an application, because the authority segment of a URI is not sufficiently validated, which makes open-redirect or server-side request forgery attacks possible. 
A remote, anonymous attacker can exploit this vulnerability to construct a malicious URI that can manipulate the server's behaviour.", }, ], product_status: { known_affected: [ "T002207", "67646", "T038318", "444803", "T027843", "398363", "T038326", "T038327", "T038322", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-6763", }, { cve: "CVE-2024-8184", notes: [ { category: "description", text: "A vulnerability exists in Eclipse Jetty. It affects the Jetty ThreadLimitHandler.getRemote function due to improper resource management, which can lead to an out-of-memory error. A remote, anonymous attacker can exploit this vulnerability to cause a denial-of-service condition by sending numerous malicious requests.", }, ], product_status: { known_affected: [ "67646", "T038318", "T038319", "T038324", "T038325", "T038326", "T038320", "T038321", "T038322", "T038323", "T002207", "444803", "T027843", "398363", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-8184", }, { cve: "CVE-2024-9823", notes: [ { category: "description", text: "A vulnerability exists in Eclipse Jetty. The flaw affects the DoSFilter due to improper internal request tracking, which allows memory exhaustion. A remote, anonymous attacker can exploit this vulnerability to cause a denial-of-service condition by sending crafted requests.", }, ], product_status: { known_affected: [ "T002207", "67646", "444803", "T027843", "T038324", "T038325", "398363", "T038322", "T038323", ], }, release_date: "2024-10-14T22:00:00.000+00:00", title: "CVE-2024-9823", }, ], }
fkie_cve-2024-8184
Vulnerability from fkie_nvd
Published
2024-10-14 16:15
Modified
2024-11-08 21:00
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (emo@eclipse.org, secondary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (nvd@nist.gov, primary)
Summary
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "38EE28A7-83A2-4D16-A1D7-197C1680C234", versionEndExcluding: "9.4.56", versionStartIncluding: "9.3.12", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "40B124FE-E76C-4612-8781-42CF3182E264", versionEndExcluding: "10.0.24", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "43B96569-B73B-4765-994F-809E5AE1A3CE", versionEndExcluding: "11.0.24", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "CDCB79ED-6D2F-4A37-BB89-41EABF18EAC1", versionEndExcluding: "12.0.9", versionStartIncluding: "12.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", }, { lang: "es", value: "Existe una vulnerabilidad de seguridad en ThreadLimitHandler.getRemote() de Jetty que puede ser explotada por usuarios no autorizados para provocar un ataque de denegación de servicio (DoS) remoto. 
Al enviar repetidamente solicitudes manipuladas, los atacantes pueden generar errores OutofMemory y agotar la memoria del servidor.", }, ], id: "CVE-2024-8184", lastModified: "2024-11-08T21:00:09.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-14T16:15:04.380", references: [ { source: "emo@eclipse.org", tags: [ "Patch", ], url: "https://github.com/jetty/jetty.project/pull/11723", }, { source: "emo@eclipse.org", tags: [ "Vendor Advisory", ], url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { source: "emo@eclipse.org", tags: [ "Vendor Advisory", ], url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-g8m5-722r-8whq
Vulnerability from github
Published
2024-10-14 21:08
Modified
2024-10-14 21:08
Severity ?
Summary
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Details
Impact
Remote DOS attack can cause out of memory
Description
There exists a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.
Affected Versions
- Jetty 12.0.0-12.0.8 (Supported)
- Jetty 11.0.0-11.0.23 (EOL)
- Jetty 10.0.0-10.0.23 (EOL)
- Jetty 9.3.12-9.4.55 (EOL)
Patched Versions
- Jetty 12.0.9
- Jetty 11.0.24
- Jetty 10.0.24
- Jetty 9.4.56
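The affected and patched version lists above translate directly into a triage check for a dependency inventory. The following Java program is an added example written for this page, not code from the Jetty project or from the advisory. It encodes the four published ranges (introduced version inclusive, patched version exclusive) and compares only the `major.minor.patch` prefix of an `org.eclipse.jetty:jetty-server` version string, ignoring any trailing qualifier such as a `.v...` timestamp or `-SNAPSHOT`. The version strings in `main` are constructed sample input, not real build identifiers.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Checks an org.eclipse.jetty:jetty-server version against the CVE-2024-8184 ranges. */
public final class Cve20248184Check {

    /** One affected range: {@code from} inclusive, {@code fixed} exclusive. */
    record Range(int[] from, int[] fixed) {}

    // Ranges as published for CVE-2024-8184 / GHSA-g8m5-722r-8whq.
    static final List<Range> AFFECTED = List.of(
        new Range(v(9, 3, 12), v(9, 4, 56)),
        new Range(v(10, 0, 0), v(10, 0, 24)),
        new Range(v(11, 0, 0), v(11, 0, 24)),
        new Range(v(12, 0, 0), v(12, 0, 9)));

    // major.minor.patch, optionally followed by a qualifier ("9.4.55.v20240101", "12.0.8-SNAPSHOT").
    private static final Pattern VERSION =
        Pattern.compile("^(\\d+)\\.(\\d+)\\.(\\d+)(?:[.\\-].*)?$");

    static int[] v(int major, int minor, int patch) {
        return new int[] {major, minor, patch};
    }

    /**
     * Parses the numeric prefix. The qualifier is deliberately ignored, so a pre-release
     * such as "12.0.9-SNAPSHOT" compares as 12.0.9 and is reported as fixed; treat
     * snapshot builds as unverified rather than trusting this result.
     */
    static int[] parse(String version) {
        Matcher m = VERSION.matcher(version.trim());
        if (!m.matches()) {
            throw new IllegalArgumentException("unrecognised Jetty version: " + version);
        }
        return v(Integer.parseInt(m.group(1)), Integer.parseInt(m.group(2)), Integer.parseInt(m.group(3)));
    }

    static int compare(int[] a, int[] b) {
        for (int i = 0; i < 3; i++) {
            int c = Integer.compare(a[i], b[i]);
            if (c != 0) {
                return c;
            }
        }
        return 0;
    }

    /** True when {@code version} falls inside one of the published affected ranges. */
    public static boolean isAffected(String version) {
        int[] ver = parse(version);
        for (Range r : AFFECTED) {
            if (compare(ver, r.from()) >= 0 && compare(ver, r.fixed()) < 0) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample input, e.g. versions copied from `mvn dependency:tree` output.
        String[] samples = {
            "9.3.11", "9.3.12", "9.4.55.v20240101", "9.4.56",
            "10.0.23", "10.0.24", "11.0.23", "11.0.24", "12.0.8", "12.0.9"
        };
        for (String s : samples) {
            System.out.printf("%-18s %s%n", s, isAffected(s) ? "AFFECTED" : "not affected");
        }
    }
}
```

Requires Java 16 or later for the `record`. The check answers only whether the artifact version is in range; whether `ThreadLimitHandler` is actually wired into the handler chain is a separate question, and the vulnerable code path is reachable only when it is.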
Workarounds
Do not use `ThreadLimitHandler`. Consider use of `QoSHandler` instead to artificially limit resource utilization.
References
Jetty 12 - https://github.com/jetty/jetty.project/pull/11723
{ affected: [ { database_specific: { last_known_affected_version_range: "<= 12.0.8", }, package: { ecosystem: "Maven", name: "org.eclipse.jetty:jetty-server", }, ranges: [ { events: [ { introduced: "12.0.0", }, { fixed: "12.0.9", }, ], type: "ECOSYSTEM", }, ], }, { database_specific: { last_known_affected_version_range: "<= 10.0.23", }, package: { ecosystem: "Maven", name: "org.eclipse.jetty:jetty-server", }, ranges: [ { events: [ { introduced: "10.0.0", }, { fixed: "10.0.24", }, ], type: "ECOSYSTEM", }, ], }, { database_specific: { last_known_affected_version_range: "<= 11.0.23", }, package: { ecosystem: "Maven", name: "org.eclipse.jetty:jetty-server", }, ranges: [ { events: [ { introduced: "11.0.0", }, { fixed: "11.0.24", }, ], type: "ECOSYSTEM", }, ], }, { database_specific: { last_known_affected_version_range: "<= 9.4.55", }, package: { ecosystem: "Maven", name: "org.eclipse.jetty:jetty-server", }, ranges: [ { events: [ { introduced: "9.3.12", }, { fixed: "9.4.56", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-8184", ], database_specific: { cwe_ids: [ "CWE-400", "CWE-770", ], github_reviewed: true, github_reviewed_at: "2024-10-14T21:08:38Z", nvd_published_at: "2024-10-14T16:15:04Z", severity: "MODERATE", }, details: "### Impact\nRemote DOS attack can cause out of memory \n\n### Description\nThere exists a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which\ncan be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By\nrepeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the\nserver's memory.\n\n### Affected Versions\n\n* Jetty 12.0.0-12.0.8 (Supported)\n* Jetty 11.0.0-11.0.23 (EOL)\n* Jetty 10.0.0-10.0.23 (EOL)\n* Jetty 9.3.12-9.4.55 (EOL)\n\n### Patched Versions\n\n* Jetty 12.0.9\n* Jetty 11.0.24\n* Jetty 10.0.24\n* Jetty 9.4.56\n\n### Workarounds\n\nDo not use `ThreadLimitHandler`. 
\nConsider use of `QoSHandler` instead to artificially limit resource utilization.\n\n### References\n\nJetty 12 - https://github.com/jetty/jetty.project/pull/11723", id: "GHSA-g8m5-722r-8whq", modified: "2024-10-14T21:08:39Z", published: "2024-10-14T21:08:38Z", references: [ { type: "WEB", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { type: "WEB", url: "https://github.com/jetty/jetty.project/pull/11723", }, { type: "PACKAGE", url: "https://github.com/jetty/jetty.project", }, { type: "WEB", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], summary: "Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }