Search criteria
3 vulnerabilities found for cometd by cometd
FKIE_CVE-2022-24721
Vulnerability from fkie_nvd - Published: 2022-03-15 14:15 - Updated: 2024-11-21 06:50
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/cometd/cometd/issues/1146 | Issue Tracking, Third Party Advisory | |
| security-advisories@github.com | https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cometd/cometd/issues/1146 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C396054E-E663-49EF-8212-2D3BFACDCA0A",
"versionEndExcluding": "5.0.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "431F0B99-7272-48BE-B046-65AEDF8AE02A",
"versionEndExcluding": "6.0.6",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9864C8A4-84FC-4341-955F-508FDD7F876A",
"versionEndExcluding": "7.0.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
},
{
"lang": "es",
"value": "CometD es una implementaci\u00f3n escalable de comet para la mensajer\u00eda web. En cualquier versi\u00f3n anterior a 5.0.11, 6.0.6 y 7.0.6, el uso interno de los canales Oort y Seti est\u00e1 indebidamente autorizado, por lo que cualquier usuario remoto podr\u00eda suscribirse y publicar en esos canales. Al suscribirse a esos canales, un usuario remoto podr\u00eda visualizar el tr\u00e1fico interno del cl\u00faster que contiene datos de otros usuarios (posiblemente confidenciales). Al publicar en esos canales, un usuario remoto podr\u00eda crear/modificar/borrar los datos de otros usuarios y modificar la estructura del cl\u00faster. Se presenta una correcci\u00f3n disponible en versiones 5.0.11, 6.0.6 y 7.0.6. Como medida de mitigaci\u00f3n, instale una \"SecurityPolicy\" personalizada que proh\u00edba la suscripci\u00f3n y publicaci\u00f3n a sesiones remotas, no Oort, en los canales Oort y Seti"
}
],
"id": "CVE-2022-24721",
"lastModified": "2024-11-21T06:50:57.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T14:15:08.247",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/cometd/cometd/issues/1146"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/cometd/cometd/issues/1146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2022-24721 (GCVE-0-2022-24721)
Vulnerability from cvelistv5 – Published: 2022-03-15 13:45 – Updated: 2025-04-23 18:53
VLAI
Title
Incorrect Authorization in org.cometd.oort
Summary
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cometd/cometd/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cometd/cometd/issues/1146 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:05.699070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:53:56.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cometd",
"vendor": "cometd",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T13:45:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in org.cometd.oort",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24721",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization in org.cometd.oort"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cometd",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
}
]
},
"vendor_name": "cometd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
"refsource": "CONFIRM",
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"name": "https://github.com/cometd/cometd/issues/1146",
"refsource": "MISC",
"url": "https://github.com/cometd/cometd/issues/1146"
}
]
},
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24721",
"datePublished": "2022-03-15T13:45:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:53:56.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24721 (GCVE-0-2022-24721)
Vulnerability from nvd – Published: 2022-03-15 13:45 – Updated: 2025-04-23 18:53
VLAI
Title
Incorrect Authorization in org.cometd.oort
Summary
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cometd/cometd/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cometd/cometd/issues/1146 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:05.699070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:53:56.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cometd",
"vendor": "cometd",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T13:45:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in org.cometd.oort",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24721",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization in org.cometd.oort"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cometd",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
}
]
},
"vendor_name": "cometd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
"refsource": "CONFIRM",
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"name": "https://github.com/cometd/cometd/issues/1146",
"refsource": "MISC",
"url": "https://github.com/cometd/cometd/issues/1146"
}
]
},
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24721",
"datePublished": "2022-03-15T13:45:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:53:56.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}