rhsa-2024_10236
Vulnerability from csaf_redhat
Published
2024-11-25 19:44
Modified
2024-12-12 21:48
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.17 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
This release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10236",
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "2284554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "2313383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383"
},
{
"category": "external",
"summary": "2317724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724"
},
{
"category": "external",
"summary": "2317968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
},
{
"category": "external",
"summary": "2318052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052"
},
{
"category": "external",
"summary": "CRW-7528",
"url": "https://issues.redhat.com/browse/CRW-7528"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release",
"tracking": {
"current_release_date": "2024-12-12T21:48:29+00:00",
"generator": {
"date": "2024-12-12T21:48:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:10236",
"initial_release_date": "2024-11-25T19:44:38+00:00",
"revision_history": [
{
"date": "2024-11-25T19:44:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-25T19:44:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-12T21:48:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
"product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=latest"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ip: arbitrary code execution via the isPublic() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42282"
},
{
"category": "external",
"summary": "RHBZ#2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-ip: arbitrary code execution via the isPublic() function"
},
{
"cve": "CVE-2024-21534",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-10-11T06:00:50.977825+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2317968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability has been addressed, however, it is important to note that the unsafe behavior is still present but is no longer enabled by default. Developers using older versions or relying on this unsafe behavior could still be at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21534"
},
{
"category": "external",
"summary": "RHBZ#2317968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534"
},
{
"category": "external",
"summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3",
"url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
}
],
"release_date": "2024-10-11T05:00:01.824000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization"
},
{
"cve": "CVE-2024-29415",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-05-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2284554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-ip: Incomplete fix for CVE-2023-42282",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29415"
},
{
"category": "external",
"summary": "RHBZ#2284554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-ip: Incomplete fix for CVE-2023-42282"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45813",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-18T17:20:11.964011+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313383"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "find-my-way: ReDoS vulnerability in multiparametric routes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45813"
},
{
"category": "external",
"summary": "RHBZ#2313383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813"
},
{
"category": "external",
"summary": "https://blakeembrey.com/posts/2024-09-web-redos",
"url": "https://blakeembrey.com/posts/2024-09-web-redos"
},
{
"category": "external",
"summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440",
"url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440"
},
{
"category": "external",
"summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6",
"url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6"
}
],
"release_date": "2024-09-18T17:15:19.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "find-my-way: ReDoS vulnerability in multiparametric routes"
},
{
"cve": "CVE-2024-47875",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-10-11T15:20:07.304345+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318052"
}
],
"notes": [
{
"category": "description",
"text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: nesting-based mutation XSS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47875"
},
{
"category": "external",
"summary": "RHBZ#2318052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098",
"url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
"url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
"url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"
}
],
"release_date": "2024-10-11T15:15:05.860000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dompurify: nesting-based mutation XSS vulnerability"
},
{
"cve": "CVE-2024-48949",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2024-10-10T01:00:37.956974+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2317724"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-48949"
},
{
"category": "external",
"summary": "RHBZ#2317724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281",
"url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6",
"url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6"
}
],
"release_date": "2024-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T19:44:38+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.