RHSA-2020_5179
Vulnerability from csaf_redhat - Published: 2020-11-24 13:10 - Updated: 2024-11-24 20:21Summary
Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
Severity
Low
Notes
Topic: An update is now available for Red Hat Virtualization Engine 4.4.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: engine-db-query (1.6.2), org.ovirt.engine-root (4.4.3.8), ovirt-engine-dwh (4.4.3.1), ovirt-engine-extension-aaa-ldap (1.4.2), ovirt-engine-extension-logger-log4j (1.1.1), ovirt-engine-metrics (1.4.2.1), ovirt-engine-ui-extensions (1.2.4), ovirt-log-collector (4.4.4), ovirt-web-ui (1.6.5), rhv-log-collector-analyzer (1.0.5), rhvm-branding-rhv (4.4.6). (BZ#1866981, BZ#1879377)
Security Fix(es):
* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514)
* Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016)
* If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. (BZ#1760170)
* Search backend cannot find VMs which name starts with a search keyword (BZ#1797717)
* [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320)
* enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466)
* NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316)
* Adding quota to group doesn't propagate to users (BZ#1822372)
* Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691)
* Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397)
* RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase (BZ#1854888)
* Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305)
* rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)
* RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862)
* Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133)
* HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)
* [CNV&RHV]Notification about VM creation contain <UNKNOWN> string (BZ#1873136)
* VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632)
* Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280)
* unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634)
* [CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844)
* Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)
* [CNV&RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)
* Require ansible-2.9.14 in ovirt-engine (BZ#1888626)
Enhancement(s):
* [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)
* [RFE] - enable renaming HostedEngine VM name (BZ#1657294)
* [RFE] Enabling Icelake new NIs - RHV (BZ#1745024)
* [RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751)
* [RFE] RHV-M Deployment/Install Needs it's own UUID (BZ#1825020)
* [RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865)
* [RFE] Expose the "reinstallation required" flag of the hosts in the API (BZ#1856671)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.
8.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
https://access.redhat.com/errata/RHSA-2020:5179
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
https://access.redhat.com/errata/RHSA-2020:5179
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
https://access.redhat.com/errata/RHSA-2020:5179
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The org.ovirt.engine-root is a core component of oVirt.\n\nThe following packages have been upgraded to a later upstream version: engine-db-query (1.6.2), org.ovirt.engine-root (4.4.3.8), ovirt-engine-dwh (4.4.3.1), ovirt-engine-extension-aaa-ldap (1.4.2), ovirt-engine-extension-logger-log4j (1.1.1), ovirt-engine-metrics (1.4.2.1), ovirt-engine-ui-extensions (1.2.4), ovirt-log-collector (4.4.4), ovirt-web-ui (1.6.5), rhv-log-collector-analyzer (1.0.5), rhvm-branding-rhv (4.4.6). (BZ#1866981, BZ#1879377)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514)\n\n* Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016)\n\n* If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. (BZ#1760170)\n\n* Search backend cannot find VMs which name starts with a search keyword (BZ#1797717)\n\n* [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320)\n\n* enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466)\n\n* NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316)\n\n* Adding quota to group doesn\u0027t propagate to users (BZ#1822372)\n\n* Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691)\n\n* Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397)\n\n* RHV-M shows successful operation if OVA export/import failed during \"qemu-img convert\" phase (BZ#1854888)\n\n* Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305)\n\n* rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)\n\n* RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862)\n\n* Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133)\n\n* HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)\n\n* [CNV\u0026RHV]Notification about VM creation contain \u003cUNKNOWN\u003e string (BZ#1873136)\n\n* VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632)\n\n* Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280)\n\n* unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634)\n\n* [CNV\u0026RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844)\n\n* Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)\n\n* [CNV\u0026RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)\n\n* Require ansible-2.9.14 in ovirt-engine (BZ#1888626)\n\nEnhancement(s):\n\n* [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)\n\n* [RFE] - enable renaming HostedEngine VM name (BZ#1657294)\n\n* [RFE] Enabling Icelake new NIs - RHV (BZ#1745024)\n\n* [RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751)\n\n* [RFE] RHV-M Deployment/Install Needs it\u0027s own UUID (BZ#1825020)\n\n* [RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865)\n\n* [RFE] Expose the \"reinstallation required\" flag of the hosts in the API (BZ#1856671)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5179",
"url": "https://access.redhat.com/errata/RHSA-2020:5179"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1613514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613514"
},
{
"category": "external",
"summary": "1657294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657294"
},
{
"category": "external",
"summary": "1691253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691253"
},
{
"category": "external",
"summary": "1702016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702016"
},
{
"category": "external",
"summary": "1752751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752751"
},
{
"category": "external",
"summary": "1760170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760170"
},
{
"category": "external",
"summary": "1797717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797717"
},
{
"category": "external",
"summary": "1808320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808320"
},
{
"category": "external",
"summary": "1811466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811466"
},
{
"category": "external",
"summary": "1812316",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812316"
},
{
"category": "external",
"summary": "1822372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822372"
},
{
"category": "external",
"summary": "1825020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825020"
},
{
"category": "external",
"summary": "1828241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828241"
},
{
"category": "external",
"summary": "1829691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829691"
},
{
"category": "external",
"summary": "1842344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842344"
},
{
"category": "external",
"summary": "1845432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845432"
},
{
"category": "external",
"summary": "1851865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851865"
},
{
"category": "external",
"summary": "1854888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854888"
},
{
"category": "external",
"summary": "1855305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855305"
},
{
"category": "external",
"summary": "1856671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856671"
},
{
"category": "external",
"summary": "1857412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
},
{
"category": "external",
"summary": "1859314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859314"
},
{
"category": "external",
"summary": "1862101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862101"
},
{
"category": "external",
"summary": "1866981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866981"
},
{
"category": "external",
"summary": "1870133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870133"
},
{
"category": "external",
"summary": "1871694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1871694"
},
{
"category": "external",
"summary": "1872911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872911"
},
{
"category": "external",
"summary": "1873136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873136"
},
{
"category": "external",
"summary": "1876923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876923"
},
{
"category": "external",
"summary": "1877632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877632"
},
{
"category": "external",
"summary": "1877679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877679"
},
{
"category": "external",
"summary": "1879199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879199"
},
{
"category": "external",
"summary": "1879280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879280"
},
{
"category": "external",
"summary": "1879377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879377"
},
{
"category": "external",
"summary": "1881634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881634"
},
{
"category": "external",
"summary": "1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "1883844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883844"
},
{
"category": "external",
"summary": "1884146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1884146"
},
{
"category": "external",
"summary": "1884634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1884634"
},
{
"category": "external",
"summary": "1885976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885976"
},
{
"category": "external",
"summary": "1887268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887268"
},
{
"category": "external",
"summary": "1888626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888626"
},
{
"category": "external",
"summary": "1889522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889522"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5179.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-24T20:21:44+00:00",
"generator": {
"date": "2024-11-24T20:21:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:5179",
"initial_release_date": "2020-11-24T13:10:41+00:00",
"revision_history": [
{
"date": "2020-11-24T13:10:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-24T13:10:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T20:21:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "engine-db-query-0:1.6.2-1.el8ev.noarch",
"product": {
"name": "engine-db-query-0:1.6.2-1.el8ev.noarch",
"product_id": "engine-db-query-0:1.6.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"product_id": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-logger-log4j@1.1.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.6-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.3.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.4.3.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.4.3.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.6.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"product_id": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.4.2.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"product": {
"name": "rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"product_id": "rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.4.3.8-0.1.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "engine-db-query-0:1.6.2-1.el8ev.src",
"product": {
"name": "engine-db-query-0:1.6.2-1.el8ev.src",
"product_id": "engine-db-query-0:1.6.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/engine-db-query@1.6.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"product": {
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"product_id": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-logger-log4j@1.1.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.4.6-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.6-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.3.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.src",
"product_id": "ovirt-web-ui-0:1.6.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.6.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"product": {
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"product_id": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-metrics@1.4.2.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"product_id": "ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.4.3.8-0.1.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch"
},
"product_reference": "engine-db-query-0:1.6.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "engine-db-query-0:1.6.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src"
},
"product_reference": "engine-db-query-0:1.6.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.4.3.8-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src"
},
"product_reference": "ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src"
},
"product_reference": "ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.6.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.6.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.4.3.8-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch"
},
"product_reference": "rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.4.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.4.6-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20920",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20920"
},
{
"category": "external",
"summary": "RHBZ#1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1316",
"url": "https://www.npmjs.com/advisories/1316"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1324",
"url": "https://www.npmjs.com/advisories/1324"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-24T13:10:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5179"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
},
{
"cve": "CVE-2019-20922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20922"
},
{
"category": "external",
"summary": "RHBZ#1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1300",
"url": "https://www.npmjs.com/advisories/1300"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-24T13:10:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5179"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
},
{
"cve": "CVE-2020-8203",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1857412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: prototype pollution in zipObjectDeep function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and Red Hat OpenShift Container Platform (RHOCP), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-lodash library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nRed Hat Virtualization uses vulnerable version of nodejs-lodash, however zipObjectDeep is not used, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:engine-db-query-0:1.6.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.3.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-metrics-0:1.4.2.1-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.6.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.5-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.6-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8203"
},
{
"category": "external",
"summary": "RHBZ#1857412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/712065",
"url": "https://hackerone.com/reports/712065"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1523",
"url": "https://www.npmjs.com/advisories/1523"
}
],
"release_date": "2020-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-24T13:10:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5179"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.3.8-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.4.3.8-0.1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-lodash: prototype pollution in zipObjectDeep function"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…