Vulnerability-Lookup

RHSA-2024_8023

Vulnerability from csaf_redhat - Published: 2024-10-14 00:59 - Updated: 2024-12-18 04:38

Summary

Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update & enhancements

Severity

Important

Notes

Topic: Release of OpenShift Serverless Logic 1.34.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release includes security, bug fixes, and enhancements. Security Fix(es): * axios: axios: Server-Side Request Forgery (CVE-2024-39338) * express: Improper Input Handling in Express Redirects (CVE-2024-43796) * io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391) * io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391) * send: Code Execution Vulnerability in Send Library (CVE-2024-43799) * serve-static: Improper Sanitization in serve-static (CVE-2024-43800) * webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788) For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-8391

A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-39338

A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-43788

A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-43796

A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-43799

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-43800

A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:8023	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2308193	external
https://bugzilla.redhat.com/show_bug.cgi?id=2309758	external
https://bugzilla.redhat.com/show_bug.cgi?id=2311152	external
https://bugzilla.redhat.com/show_bug.cgi?id=2311153	external
https://bugzilla.redhat.com/show_bug.cgi?id=2311154	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-8391	self
https://bugzilla.redhat.com/show_bug.cgi?id=2309758	external
https://www.cve.org/CVERecord?id=CVE-2024-8391	external
https://nvd.nist.gov/vuln/detail/CVE-2024-8391	external
https://github.com/eclipse-vertx/vertx-grpc/issues/113	external
https://gitlab.eclipse.org/security/cve-assigneme…	external
https://access.redhat.com/security/cve/CVE-2024-39338	self
https://bugzilla.redhat.com/show_bug.cgi?id=2304369	external
https://www.cve.org/CVERecord?id=CVE-2024-39338	external
https://nvd.nist.gov/vuln/detail/CVE-2024-39338	external
https://github.com/axios/axios/releases	external
https://jeffhacks.com/advisories/2024/06/24/CVE-2…	external
https://access.redhat.com/security/cve/CVE-2024-43788	self
https://bugzilla.redhat.com/show_bug.cgi?id=2308193	external
https://www.cve.org/CVERecord?id=CVE-2024-43788	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43788	external
https://github.com/webpack/webpack/commit/955e057…	external
https://github.com/webpack/webpack/security/advis…	external
https://research.securitum.com/xss-in-amp4email-d…	external
https://scnps.co/papers/sp23_domclob.pdf	external
https://access.redhat.com/security/cve/CVE-2024-43796	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311152	external
https://www.cve.org/CVERecord?id=CVE-2024-43796	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43796	external
https://github.com/expressjs/express/commit/54271…	external
https://github.com/expressjs/express/security/adv…	external
https://access.redhat.com/security/cve/CVE-2024-43799	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311153	external
https://www.cve.org/CVERecord?id=CVE-2024-43799	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43799	external
https://github.com/pillarjs/send/commit/ae4f29894…	external
https://github.com/pillarjs/send/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-43800	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311154	external
https://www.cve.org/CVERecord?id=CVE-2024-43800	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43800	external
https://github.com/expressjs/serve-static/commit/…	external
https://github.com/expressjs/serve-static/commit/…	external
https://github.com/expressjs/serve-static/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Release of OpenShift Serverless Logic 1.34.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)\n\n* io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)\n\n* io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)\n\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:8023",
        "url": "https://access.redhat.com/errata/RHSA-2024:8023"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2308193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
      },
      {
        "category": "external",
        "summary": "2309758",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309758"
      },
      {
        "category": "external",
        "summary": "2311152",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
      },
      {
        "category": "external",
        "summary": "2311153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
      },
      {
        "category": "external",
        "summary": "2311154",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8023.json"
      }
    ],
    "title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update \u0026 enhancements",
    "tracking": {
      "current_release_date": "2024-12-18T04:38:42+00:00",
      "generator": {
        "date": "2024-12-18T04:38:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:8023",
      "initial_release_date": "2024-10-14T00:59:58+00:00",
      "revision_history": [
        {
          "date": "2024-10-14T00:59:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-10-14T00:59:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T04:38:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-Openshift-Serverless-1.34",
                "product": {
                  "name": "8Base-Openshift-Serverless-1.34",
                  "product_id": "8Base-RHOSS-1.34",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_serverless:1.34::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Serverless"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
                  "product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
                  "product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
                  "product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
                  "product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
                  "product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.34.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
                  "product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
                  "product_id": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
                  "product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
                  "product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
                  "product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
                  "product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
                  "product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
                  "product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
                  "product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
                  "product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.34.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
                  "product_id": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
                  "product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
                  "product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
                  "product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
                  "product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
                  "product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
                  "product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
                  "product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
                  "product_id": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
                  "product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
                  "product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
                "product": {
                  "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
                  "product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64"
        },
        "product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le"
        },
        "product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64 as a component of 8Base-Openshift-Serverless-1.34",
          "product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        },
        "product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
        "relates_to_product_reference": "8Base-RHOSS-1.34"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8391",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-09-04T16:20:44.762419+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2309758"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-8391"
        },
        {
          "category": "external",
          "summary": "RHBZ#2309758",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309758"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-8391",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8391"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8391",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8391"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-vertx/vertx-grpc/issues/113",
          "url": "https://github.com/eclipse-vertx/vertx-grpc/issues/113"
        },
        {
          "category": "external",
          "summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31",
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31"
        }
      ],
      "release_date": "2024-09-04T16:15:09.253000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size"
    },
    {
      "cve": "CVE-2024-39338",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2024-08-13T17:21:32.774718+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2304369"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: axios: Server-Side Request Forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "RHBZ#2304369",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/releases",
          "url": "https://github.com/axios/axios/releases"
        },
        {
          "category": "external",
          "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
          "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
        }
      ],
      "release_date": "2024-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: axios: Server-Side Request Forgery"
    },
    {
      "cve": "CVE-2024-43788",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-08-27T17:20:06.890123+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2308193"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43788"
        },
        {
          "category": "external",
          "summary": "RHBZ#2308193",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
          "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
        },
        {
          "category": "external",
          "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
          "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
        },
        {
          "category": "external",
          "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
          "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
        },
        {
          "category": "external",
          "summary": "https://scnps.co/papers/sp23_domclob.pdf",
          "url": "https://scnps.co/papers/sp23_domclob.pdf"
        }
      ],
      "release_date": "2024-08-27T17:15:07.967000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
    },
    {
      "cve": "CVE-2024-43796",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:28.106254+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: Improper Input Handling in Express Redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
          "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
        }
      ],
      "release_date": "2024-09-10T15:15:17.510000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: Improper Input Handling in Express Redirects"
    },
    {
      "cve": "CVE-2024-43799",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:30.869487+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "send: Code Execution Vulnerability in Send Library",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
          "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
          "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
        }
      ],
      "release_date": "2024-09-10T15:15:17.727000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "send: Code Execution Vulnerability in Send Library"
    },
    {
      "cve": "CVE-2024-43800",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:33.631718+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "serve-static: Improper Sanitization in serve-static",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
          "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
          "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
          "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
          "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
        }
      ],
      "release_date": "2024-09-10T15:15:17.937000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-14T00:59:58+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8023"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
            "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "serve-static: Improper Sanitization in serve-static"
    }
  ]
}

CVE-2024-39338 (GCVE-0-2024-39338)

Vulnerability from cvelistv5 – Published: 2024-08-09 00:00 – Updated: 2024-08-15 19:26

Summary

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Severity

4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

Assigner

mitre

References

2 references

URL	Tags
https://github.com/axios/axios/releases
https://jeffhacks.com/advisories/2024/06/24/CVE-2…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "axios",
            "vendor": "axios",
            "versions": [
              {
                "status": "affected",
                "version": "1.7.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39338",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T19:24:57.844261Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T19:26:34.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T15:00:16.583Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/axios/axios/releases"
        },
        {
          "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-39338",
    "datePublished": "2024-08-09T00:00:00.000Z",
    "dateReserved": "2024-06-23T00:00:00.000Z",
    "dateUpdated": "2024-08-15T19:26:34.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43788 (GCVE-0-2024-43788)

Vulnerability from cvelistv5 – Published: 2024-08-27 17:07 – Updated: 2025-01-09 17:41

Title

DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)

Summary

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/webpack/webpack/security/advis…	x_refsource_CONFIRM
https://github.com/webpack/webpack/issues/18718#i…	x_refsource_MISC
https://github.com/webpack/webpack/commit/955e057…	x_refsource_MISC
https://research.securitum.com/xss-in-amp4email-d…	x_refsource_MISC
https://scnps.co/papers/sp23_domclob.pdf	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
webpack	webpack	Affected: >= 5.0.0-alpha.0, < 5.94.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:webpack:webpack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "webpack",
            "vendor": "webpack",
            "versions": [
              {
                "lessThan": "5.94.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43788",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T18:09:32.950161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T17:41:35.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "webpack",
          "vendor": "webpack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.0, \u003c 5.94.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack\u2019s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-03T14:51:39.140Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
        },
        {
          "name": "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack/issues/18718#issuecomment-2326296270"
        },
        {
          "name": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
        },
        {
          "name": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
        },
        {
          "name": "https://scnps.co/papers/sp23_domclob.pdf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://scnps.co/papers/sp23_domclob.pdf"
        }
      ],
      "source": {
        "advisory": "GHSA-4vvj-4cpr-p986",
        "discovery": "UNKNOWN"
      },
      "title": "DOM Clobbering Gadget found in Webpack\u0027s AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43788",
    "datePublished": "2024-08-27T17:07:16.285Z",
    "dateReserved": "2024-08-16T14:20:37.323Z",
    "dateUpdated": "2025-01-09T17:41:35.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43796 (GCVE-0-2024-43796)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:36 – Updated: 2024-09-10 15:58

Title

express vulnerable to XSS via response.redirect()

Summary

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expressjs/express/security/adv…	x_refsource_CONFIRM
https://github.com/expressjs/express/commit/54271…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	express	Affected: < 4.20.0 Affected: >= 5.0.0-alpha.1, < 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:58:36.256748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:58:45.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Express.js minimalist web framework for node. In express \u003c 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:36:27.380Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
        },
        {
          "name": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
        }
      ],
      "source": {
        "advisory": "GHSA-qw6h-vgh9-j6wx",
        "discovery": "UNKNOWN"
      },
      "title": "express vulnerable to XSS via response.redirect()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43796",
    "datePublished": "2024-09-10T14:36:27.380Z",
    "dateReserved": "2024-08-16T14:20:37.325Z",
    "dateUpdated": "2024-09-10T15:58:45.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43799 (GCVE-0-2024-43799)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:45 – Updated: 2025-11-03 19:30

Title

send vulnerable to template injection that can lead to XSS

Summary

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/pillarjs/send/security/advisor…	x_refsource_CONFIRM
https://github.com/pillarjs/send/commit/ae4f29894…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pillarjs	send	Affected: < 0.19.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:34:08.487499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:34:18.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:41.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "send",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.19.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:45:06.761Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
        },
        {
          "name": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
        }
      ],
      "source": {
        "advisory": "GHSA-m6fv-jmcg-4jfg",
        "discovery": "UNKNOWN"
      },
      "title": "send vulnerable to template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43799",
    "datePublished": "2024-09-10T14:45:06.761Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2025-11-03T19:30:41.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43800 (GCVE-0-2024-43800)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:50 – Updated: 2024-09-10 19:08

Title

serve-static affected by template injection that can lead to XSS

Summary

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/expressjs/serve-static/securit…	x_refsource_CONFIRM
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	serve-static	Affected: < 1.16.0 Affected: >= 2.0.0, < 2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:07:51.583443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:08:02.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serve-static",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.16.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:50:06.043Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
        }
      ],
      "source": {
        "advisory": "GHSA-cm22-4g7w-348p",
        "discovery": "UNKNOWN"
      },
      "title": "serve-static affected by template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43800",
    "datePublished": "2024-09-10T14:50:06.043Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2024-09-10T19:08:02.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8391 (GCVE-0-2024-8391)

Vulnerability from cvelistv5 – Published: 2024-09-04 15:27 – Updated: 2024-09-04 17:40

Title

Eclipse Vert.x gRPC server does not limit the maximum message size

Summary

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

eclipse

References

2 references

URL	Tags
https://gitlab.eclipse.org/security/cve-assigneme…
https://github.com/eclipse-vertx/vertx-grpc/issues/113

Impacted products

1 product

Vendor	Product	Version
Eclipse Foundation	Eclipse Vert.x	Affected: 4.3.0 , < 4.5.10 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:vert.x:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vert.x",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThan": "4.5.10",
                "status": "affected",
                "version": "4.3.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T15:52:09.291594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T15:58:44.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "packageName": "io.vertx:vertx-grpc-server",
          "product": "Eclipse Vert.x",
          "repo": "https://github.com/eclipse-vertx/vertx-grpc",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "4.5.10",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003eIn Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis is fixed in the 4.5.10 version.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).\u00a0\n\n\n\n\nThis is fixed in the 4.5.10 version.\u00a0\n\n\n\n\nNote this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T17:40:20.318Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31"
        },
        {
          "url": "https://github.com/eclipse-vertx/vertx-grpc/issues/113"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse Vert.x gRPC server does not limit the maximum message size",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-8391",
    "datePublished": "2024-09-04T15:27:58.478Z",
    "dateReserved": "2024-09-03T12:39:46.456Z",
    "dateUpdated": "2024-09-04T17:40:20.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024_8023

CVE-2024-39338 (GCVE-0-2024-39338)

CVE-2024-43788 (GCVE-0-2024-43788)

CVE-2024-43796 (GCVE-0-2024-43796)

CVE-2024-43799 (GCVE-0-2024-43799)

CVE-2024-43800 (GCVE-0-2024-43800)

CVE-2024-8391 (GCVE-0-2024-8391)

Tags

Sightings

Nomenclature