All the vulnerabilites related to quarkus - quarkus
cve-2023-6394
Vulnerability from cvelistv5
Published
2023-12-09 01:26
Modified
2024-11-23 03:30
Severity ?
EPSS score ?
Summary
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7612 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7700 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6394 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252197 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat build of Quarkus 2.13.9.Final |
Unaffected: 2.13.9.Final-redhat-00002 < * cpe:/a:redhat:quarkus:2.13 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7612"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6394"
},
{
"name": "RHBZ#2252197",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252197"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:24:22.279522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:25:33.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-smallrye-graphql",
"product": "Red Hat build of Quarkus 2.13.9.Final",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.9.Final-redhat-00002",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:quarkus:3.2::el8"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-smallrye-graphql",
"product": "Red Hat build of Quarkus 3.2.9.Final",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.2.9.Final-redhat-00002",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-12-08T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:30:49.525Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7612"
},
{
"name": "RHSA-2023:7700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7700"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6394"
},
{
"name": "RHBZ#2252197",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252197"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-30T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Quarkus: graphql operations over websockets bypass",
"x_redhatCweChain": "CWE-696-\u003eCWE-862: Incorrect Behavior Order leads to Missing Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6394",
"datePublished": "2023-12-09T01:26:52.908Z",
"dateReserved": "2023-11-30T04:05:52.129Z",
"dateUpdated": "2024-11-23T03:30:49.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20289
Vulnerability from cvelistv5
Published
2021-03-26 16:28
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "resteasy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_value": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20289",
"datePublished": "2021-03-26T16:28:44",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21724
Vulnerability from cvelistv5
Published
2022-02-02 11:48
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 | x_refsource_CONFIRM | |
| https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220311-0005/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5196 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:35.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
},
{
"name": "FEDORA-2022-1151f65e9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-31T19:06:26",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
},
{
"name": "FEDORA-2022-1151f65e9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"source": {
"advisory": "GHSA-v7wg-cpwc-24m4",
"discovery": "UNKNOWN"
},
"title": "Unchecked Class Instantiation when providing Plugin Classes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21724",
"STATE": "PUBLIC",
"TITLE": "Unchecked Class Instantiation when providing Plugin Classes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4",
"refsource": "CONFIRM",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
},
{
"name": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813",
"refsource": "MISC",
"url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220311-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
},
{
"name": "FEDORA-2022-1151f65e9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3018-1] libpgjava security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"name": "DSA-5196",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
},
"source": {
"advisory": "GHSA-v7wg-cpwc-24m4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21724",
"datePublished": "2022-02-02T11:48:52",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-03T02:53:35.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25649
Vulnerability from cvelistv5
Published
2020-12-03 16:16
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | jackson-databind |
Version: jackson-databind-2.11.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jackson-databind",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "jackson-databind-2.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:15:31",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "jackson-databind-2.11.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2589",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25649",
"datePublished": "2020-12-03T16:16:50",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5720
Vulnerability from cvelistv5
Published
2023-11-15 13:57
Modified
2024-08-02 08:07
Severity ?
EPSS score ?
Summary
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5720 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245700 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | gradle-plugin | |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5720"
},
{
"name": "RHBZ#2245700",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "gradle-plugin",
"vendor": "n/a"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank The Gradle Engineering Team for reporting this issue."
}
],
"datePublic": "2023-11-08T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "Cleartext Storage of Sensitive Information in an Environment Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:30:30.953Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5720"
},
{
"name": "RHBZ#2245700",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Quarkus: build env information disclosure via gradle plugin",
"x_redhatCweChain": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5720",
"datePublished": "2023-11-15T13:57:52.295Z",
"dateReserved": "2023-10-23T16:39:58.066Z",
"dateUpdated": "2024-08-02T08:07:32.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3642
Vulnerability from cvelistv5
Published
2021-08-05 20:48
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | wildfly-elytron |
Version: Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly-elytron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T17:37:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly-elytron",
"version": {
"version_data": [
{
"version_value": "Wildfly Elytron 1.10.14.Final, Wildfly Elytron 1.15.5.Final, Wildfly Elytron 1.16.1.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3642",
"datePublished": "2021-08-05T20:48:01",
"dateReserved": "2021-07-12T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13692
Vulnerability from cvelistv5
Published
2020-06-04 15:07
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-31T19:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
"refsource": "CONFIRM",
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"name": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
"refsource": "CONFIRM",
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13692",
"datePublished": "2020-06-04T15:07:37",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21295
Vulnerability from cvelistv5
Published
2021-03-09 18:35
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | netty | io.netty:netty-codec-http2 |
Version: < 4.1.60.Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/zuul/pull/980"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Assigned] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr commented on pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr opened a new pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] eolivelli commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad closed pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] asfgit closed pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch master updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4272 ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Resolved] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210401 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Commented] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell merged pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] HorizonNet commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Assigned] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210402 [hbase-thirdparty] branch master updated: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295 (#48)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-dev] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd%40%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[kafka-jira] 20210402 [jira] [Assigned] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210709 [GitHub] [jackrabbit-oak] blackat opened a new pull request #321: Update netty to resolve CVE-2021-21295 and BDSA-2018-4022",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf%40%3Ccommits.servicecomb.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.netty:netty-codec-http2",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.60.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:53",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/zuul/pull/980"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Assigned] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr commented on pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr opened a new pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] eolivelli commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad closed pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] asfgit closed pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch master updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4272 ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Resolved] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210401 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Commented] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell merged pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] HorizonNet commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Assigned] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210402 [hbase-thirdparty] branch master updated: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295 (#48)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8%40%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-dev] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd%40%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[kafka-jira] 20210402 [jira] [Assigned] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210709 [GitHub] [jackrabbit-oak] blackat opened a new pull request #321: Update netty to resolve CVE-2021-21295 and BDSA-2018-4022",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf%40%3Ccommits.servicecomb.apache.org%3E"
}
],
"source": {
"advisory": "GHSA-wm47-8v5p-wjpj",
"discovery": "UNKNOWN"
},
"title": "Possible request smuggling in HTTP/2 due missing validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21295",
"STATE": "PUBLIC",
"TITLE": "Possible request smuggling in HTTP/2 due missing validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.netty:netty-codec-http2",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.60.Final"
}
]
}
}
]
},
"vendor_name": "netty"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"name": "https://github.com/Netflix/zuul/pull/980",
"refsource": "MISC",
"url": "https://github.com/Netflix/zuul/pull/980"
},
{
"name": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4",
"refsource": "MISC",
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Assigned] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr commented on pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210331 [GitHub] [kafka] dongjinleekr opened a new pull request #10448: KAFKA-12583: Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] eolivelli commented on pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad closed pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] asfgit closed pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch master updated: ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4272 ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210331 [jira] [Resolved] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210401 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Commented] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210401 [jira] [Resolved] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell merged pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] HorizonNet commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Assigned] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] apurtell commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Updated] (HBASE-25728) [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-commits] 20210402 [hbase-thirdparty] branch master updated: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295 (#48)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8@%3Ccommits.hbase.apache.org%3E"
},
{
"name": "[hbase-dev] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd@%3Cdev.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #48: HBASE-25728 [hbase-thirdparty] Upgrade Netty library to \u003e= 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[hbase-issues] 20210402 [jira] [Created] (HBASE-25728) [hbase-thirdparty] ZOOKEEPER-4272: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[kafka-jira] 20210402 [jira] [Assigned] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969@%3Cjira.kafka.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210709 [GitHub] [jackrabbit-oak] blackat opened a new pull request #321: Update netty to resolve CVE-2021-21295 and BDSA-2018-4022",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210928 [jira] [Created] (ZOOKEEPER-4390) CVE-2021-28169 - Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf@%3Ccommits.servicecomb.apache.org%3E"
}
]
},
"source": {
"advisory": "GHSA-wm47-8v5p-wjpj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21295",
"datePublished": "2021-03-09T18:35:19",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0044
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 04:54
Severity ?
EPSS score ?
Summary
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | quarkus-vertx-http |
Version: 1.11.7 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0044"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "quarkus-vertx-http",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross-site attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0044"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0044",
"datePublished": "2023-02-23T00:00:00",
"dateReserved": "2023-01-04T00:00:00",
"dateUpdated": "2024-08-02T04:54:32.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10693
Vulnerability from cvelistv5
Published
2020-05-06 13:03
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hibernate | hibernate-validator |
Version: 6.1.2.Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hibernate-validator",
"vendor": "Hibernate",
"versions": [
{
"status": "affected",
"version": "6.1.2.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:51",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hibernate-validator",
"version": {
"version_data": [
{
"version_value": "6.1.2.Final"
}
]
}
}
]
},
"vendor_name": "Hibernate"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10693",
"datePublished": "2020-05-06T13:03:33",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14900
Vulnerability from cvelistv5
Published
2020-07-06 18:35
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1666499 | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220210-0020/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hibernate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.3.18"
},
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.4.18"
},
{
"status": "affected",
"version": "Versions before Hibernate ORM 5.5.0.Beta1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T09:07:46",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-14900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hibernate",
"version": {
"version_data": [
{
"version_value": "Versions before Hibernate ORM 5.3.18"
},
{
"version_value": "Versions before Hibernate ORM 5.4.18"
},
{
"version_value": "Versions before Hibernate ORM 5.5.0.Beta1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0020/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14900",
"datePublished": "2020-07-06T18:35:01",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42003
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T09:33:08.256001",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42003",
"datePublished": "2022-10-02T00:00:00",
"dateReserved": "2022-10-02T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6267
Vulnerability from cvelistv5
Published
2024-01-25 18:12
Modified
2024-12-04 07:16
Severity ?
EPSS score ?
Summary
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0494 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0495 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6267 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2251155 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat build of Quarkus 2.13.9.Final |
Unaffected: 2.13.9.Final-redhat-00003 < * cpe:/a:redhat:quarkus:2.13 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0494"
},
{
"name": "RHSA-2024:0495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0495"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6267"
},
{
"name": "RHBZ#2251155",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-resteasy",
"product": "Red Hat build of Quarkus 2.13.9.Final",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.9.Final-redhat-00003",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:3.2"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-resteasy",
"product": "Red Hat build of Quarkus 3.2.9.Final",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3.2.9.Final-redhat-00003",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "affected",
"packageName": "quarkus-resteasy-reactive",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"packageName": "resteasy",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:integration:1"
],
"defaultStatus": "affected",
"packageName": "resteasy-core",
"product": "Red Hat Integration Camel K",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:camel_quarkus:2"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-resteasy-reactive",
"product": "Red Hat Integration Camel Quarkus",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-24T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T07:16:20.011Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0494",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0494"
},
{
"name": "RHSA-2024:0495",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0495"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6267"
},
{
"name": "RHBZ#2251155",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-24T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.",
"x_redhatCweChain": "CWE-755: Improper Handling of Exceptional Conditions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6267",
"datePublished": "2024-01-25T18:12:44.771Z",
"dateReserved": "2023-11-23T06:34:22.287Z",
"dateUpdated": "2024-12-04T07:16:20.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29427
Vulnerability from cvelistv5
Published
2021-04-13 17:55
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC | |
| https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gradle",
"vendor": "gradle",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.1, \u003c= 6.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T17:55:24",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"
}
],
"source": {
"advisory": "GHSA-jvmj-rh6q-x395",
"discovery": "UNKNOWN"
},
"title": "Repository content filters do not work in Settings pluginManagement",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29427",
"STATE": "PUBLIC",
"TITLE": "Repository content filters do not work in Settings pluginManagement"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gradle",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.1, \u003c= 6.8.3"
}
]
}
}
]
},
"vendor_name": "gradle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
"refsource": "MISC",
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395",
"refsource": "CONFIRM",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"
}
]
},
"source": {
"advisory": "GHSA-jvmj-rh6q-x395",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29427",
"datePublished": "2021-04-13T17:55:24",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37714
Vulnerability from cvelistv5
Published
2021-08-18 15:10
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:23:01.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jsoup.org/news/release-1.14.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jsoup.org/news/release-1.14.2"
},
{
"name": "[james-notifications] 20210820 [GitHub] [james-project] chibenwa opened a new pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [GitHub] [james-project] chibenwa merged pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [james-project] branch master updated: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[maven-issues] 20210830 [jira] [Created] (WAGON-612) Update jsoup to \u003e= 1.14.2 for fix security issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Created] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Updated] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Commented] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0022/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jsoup",
"vendor": "jhy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:31:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jsoup.org/news/release-1.14.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jsoup.org/news/release-1.14.2"
},
{
"name": "[james-notifications] 20210820 [GitHub] [james-project] chibenwa opened a new pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [GitHub] [james-project] chibenwa merged pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [james-project] branch master updated: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe%40%3Cnotifications.james.apache.org%3E"
},
{
"name": "[maven-issues] 20210830 [jira] [Created] (WAGON-612) Update jsoup to \u003e= 1.14.2 for fix security issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Created] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Updated] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Commented] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0022/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"advisory": "GHSA-m72m-mhq2-9p6c",
"discovery": "UNKNOWN"
},
"title": "Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-37714",
"STATE": "PUBLIC",
"TITLE": "Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jsoup",
"version": {
"version_data": [
{
"version_value": "\u003c 1.14.2"
}
]
}
}
]
},
"vendor_name": "jhy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"refsource": "CONFIRM",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
},
{
"name": "https://jsoup.org/news/release-1.14.1",
"refsource": "MISC",
"url": "https://jsoup.org/news/release-1.14.1"
},
{
"name": "https://jsoup.org/news/release-1.14.2",
"refsource": "MISC",
"url": "https://jsoup.org/news/release-1.14.2"
},
{
"name": "[james-notifications] 20210820 [GitHub] [james-project] chibenwa opened a new pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b@%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [GitHub] [james-project] chibenwa merged pull request #609: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa@%3Cnotifications.james.apache.org%3E"
},
{
"name": "[james-notifications] 20210823 [james-project] branch master updated: [UPGRADE] JSOUP 1.14.1 -\u003e 1.14.2 to address CVE-2021-37714",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe@%3Cnotifications.james.apache.org%3E"
},
{
"name": "[maven-issues] 20210830 [jira] [Created] (WAGON-612) Update jsoup to \u003e= 1.14.2 for fix security issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Created] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Updated] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210901 [jira] [Commented] (MNG-7227) Fix CVE-2021-37714 present in apache-maven",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e@%3Cissues.maven.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0022/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0022/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"advisory": "GHSA-m72m-mhq2-9p6c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-37714",
"datePublished": "2021-08-18T15:10:11",
"dateReserved": "2021-07-29T00:00:00",
"dateUpdated": "2024-08-04T01:23:01.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21290
Vulnerability from cvelistv5
Published
2021-02-08 20:10
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"
},
{
"name": "[debian-lts-announce] 20210211 [SECURITY] [DLA 2555-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"
},
{
"name": "[kafka-jira] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [jira] [Assigned] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr opened a new pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2535) Netty 4.1.52 flagged as medium security violation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[activemq-users] 20210715 Next ActiveMQ Artemis Release - CVE-2021-21290 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.59.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method \"File.createTempFile\" on unix-like systems creates a random file, but, by default will create this file with the permissions \"-rw-r--r--\". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty\u0027s \"AbstractDiskHttpData\" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own \"java.io.tmpdir\" when you start the JVM or use \"DefaultHttpDataFactory.setBaseDir(...)\" to set the directory to something that is only readable by the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:48",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"
},
{
"name": "[debian-lts-announce] 20210211 [SECURITY] [DLA 2555-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"
},
{
"name": "[kafka-jira] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [jira] [Assigned] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr opened a new pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2535) Netty 4.1.52 flagged as medium security violation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[activemq-users] 20210715 Next ActiveMQ Artemis Release - CVE-2021-21290 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29%40%3Cusers.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0011/"
}
],
"source": {
"advisory": "GHSA-5mcr-gq6c-3hq2",
"discovery": "UNKNOWN"
},
"title": "Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21290",
"STATE": "PUBLIC",
"TITLE": "Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netty",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.59.Final"
}
]
}
}
]
},
"vendor_name": "netty"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method \"File.createTempFile\" on unix-like systems creates a random file, but, by default will create this file with the permissions \"-rw-r--r--\". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty\u0027s \"AbstractDiskHttpData\" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own \"java.io.tmpdir\" when you start the JVM or use \"DefaultHttpDataFactory.setBaseDir(...)\" to set the directory to something that is only readable by the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-378: Creation of Temporary File With Insecure Permissions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"
},
{
"name": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"refsource": "MISC",
"url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"
},
{
"name": "[debian-lts-announce] 20210211 [SECURITY] [DLA 2555-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"
},
{
"name": "[kafka-jira] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210301 [jira] [Created] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [jira] [Assigned] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr opened a new pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210311 [jira] [Created] (ZOOKEEPER-4242) Upgrade Netty library to \u003e 4.1.59 due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2535) Netty 4.1.52 flagged as medium security violation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 \u0026 CVE-2021-21290",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210402 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21295",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[activemq-users] 20210715 Next ActiveMQ Artemis Release - CVE-2021-21290 vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0011/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0011/"
}
]
},
"source": {
"advisory": "GHSA-5mcr-gq6c-3hq2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21290",
"datePublished": "2021-02-08T20:10:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13956
Vulnerability from cvelistv5
Published
2020-12-02 16:20
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Apache HttpClient |
Version: 4.5.12 and prior, 5.0.2 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HttpClient",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:27",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HttpClient",
"version": {
"version_data": [
{
"version_value": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13956",
"datePublished": "2020-12-02T16:20:12",
"dateReserved": "2020-06-08T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29428
Vulnerability from cvelistv5
Published
2021-04-13 17:55
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC | |
| https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | x_refsource_CONFIRM | |
| https://github.com/gradle/gradle/pull/15654 | x_refsource_MISC | |
| https://github.com/gradle/gradle/pull/15240 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gradle/gradle/pull/15654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gradle/gradle/pull/15240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gradle",
"vendor": "gradle",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T17:55:18",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/gradle/pull/15654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gradle/gradle/pull/15240"
}
],
"source": {
"advisory": "GHSA-89qm-pxvm-p336",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation through system temporary directory",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29428",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation through system temporary directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gradle",
"version": {
"version_data": [
{
"version_value": "\u003c 7.0"
}
]
}
}
]
},
"vendor_name": "gradle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-378: Creation of Temporary File With Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
"refsource": "MISC",
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336",
"refsource": "CONFIRM",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
},
{
"name": "https://github.com/gradle/gradle/pull/15654",
"refsource": "MISC",
"url": "https://github.com/gradle/gradle/pull/15654"
},
{
"name": "https://github.com/gradle/gradle/pull/15240",
"refsource": "MISC",
"url": "https://github.com/gradle/gradle/pull/15240"
}
]
},
"source": {
"advisory": "GHSA-89qm-pxvm-p336",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29428",
"datePublished": "2021-04-13T17:55:18",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20328
Vulnerability from cvelistv5
Published
2021-02-25 16:30
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jira.mongodb.org/browse/JAVA-4017 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | MongoDB Inc. | mongo-java-driver |
Version: 3.11 < Version: 3.12 < |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:24.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*"
],
"defaultStatus": "unaffected",
"product": "java_driver",
"vendor": "mongodb",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T16:48:15.681647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T17:36:34.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mongo-java-driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver-sync",
"vendor": "MongoDB Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mongodb-driver-legacy",
"vendor": "MongoDB Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpecific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption.\u003c/p\u003e"
}
],
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T13:39:14.648Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "MongoDB Java driver client-side field level encryption not verifying KMS host name",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-02-25T17:00:00.000Z",
"ID": "CVE-2021-20328",
"STATE": "PUBLIC",
"TITLE": "MongoDB Java driver client-side field level encryption not verifying KMS host name"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mongo-java-driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
}
]
}
},
{
"product_name": "mongodb-driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
}
]
}
},
{
"product_name": "mongodb-driver-sync",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
},
{
"version_affected": "\u003c=",
"version_name": "4.0",
"version_value": "4.0.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_name": "4.2",
"version_value": "4.2.0"
}
]
}
},
{
"product_name": "mongodb-driver-legacy",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.11",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_name": "3.12",
"version_value": "3.12.7"
},
{
"version_affected": "\u003c=",
"version_name": "4.0",
"version_value": "4.0.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_name": "4.2",
"version_value": "4.2.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/JAVA-4017",
"refsource": "MISC",
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2021-20328",
"datePublished": "2021-02-25T16:30:14.536970Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T19:10:28.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1584
Vulnerability from cvelistv5
Published
2023-10-04 10:47
Modified
2024-08-02 05:57
Severity ?
EPSS score ?
Summary
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:3809 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7653 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-1584 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2180886 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/quarkusio/quarkus/pull/32192 | ||
| https://github.com/quarkusio/quarkus/pull/33414 |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | |||||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:23.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:3809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:3809"
},
{
"name": "RHSA-2023:7653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1584"
},
{
"name": "RHBZ#2180886",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180886"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/quarkusio/quarkus/pull/32192"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/quarkusio/quarkus/pull/33414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com/artifact/io.quarkus",
"packageName": "quarkus-oidc",
"versions": [
{
"status": "unaffected",
"version": "3.1.0.CR1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-oidc",
"product": "Red Hat build of Quarkus 2.13.8.Final",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.8.Final-redhat-00004",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:service_registry:2.5"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-oidc",
"product": "RHINT Service Registry 2.5.4 GA",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Paulo Lopes (Red Hat)."
}
],
"datePublic": "2023-03-22T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:34.371Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:3809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:3809"
},
{
"name": "RHSA-2023:7653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1584"
},
{
"name": "RHBZ#2180886",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180886"
},
{
"url": "https://github.com/quarkusio/quarkus/pull/32192"
},
{
"url": "https://github.com/quarkusio/quarkus/pull/33414"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-22T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Quarkus-oidc: id and access tokens leak via the authorization code flow",
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1584",
"datePublished": "2023-10-04T10:47:37.831Z",
"dateReserved": "2023-03-22T20:15:15.323Z",
"dateUpdated": "2024-08-02T05:57:23.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18640
Vulnerability from cvelistv5
Published
2019-12-12 00:00
Modified
2024-08-05 21:28
Severity ?
EPSS score ?
Summary
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"tags": [
"x_transferred"
],
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18640",
"datePublished": "2019-12-12T00:00:00",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-08-05T21:28:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29429
Vulnerability from cvelistv5
Published
2021-04-12 21:30
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | x_refsource_CONFIRM | |
| https://docs.gradle.org/7.0/release-notes.html#security-advisories | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gradle",
"vendor": "gradle",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system\u0027s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377 Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-12T21:30:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
}
],
"source": {
"advisory": "GHSA-fp8h-qmr5-j4c8",
"discovery": "UNKNOWN"
},
"title": "Information disclosure through temporary directory permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29429",
"STATE": "PUBLIC",
"TITLE": "Information disclosure through temporary directory permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gradle",
"version": {
"version_data": [
{
"version_value": "\u003c 7.0"
}
]
}
}
]
},
"vendor_name": "gradle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system\u0027s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377 Insecure Temporary File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8",
"refsource": "CONFIRM",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8"
},
{
"name": "https://docs.gradle.org/7.0/release-notes.html#security-advisories",
"refsource": "MISC",
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
}
]
},
"source": {
"advisory": "GHSA-fp8h-qmr5-j4c8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29429",
"datePublished": "2021-04-12T21:30:12",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4147
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "quarkus-2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1026",
"description": "CWE-1026",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4147"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4147",
"datePublished": "2022-12-06T00:00:00",
"dateReserved": "2022-11-28T00:00:00",
"dateUpdated": "2024-08-03T01:27:54.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25638
Vulnerability from cvelistv5
Published
2020-12-02 14:36
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1881353 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2021/dsa-4908 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | hibernate-core |
Version: Hibernate ORM versions before 5.4.24.Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:35.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
},
{
"name": "DSA-4908",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hibernate-core",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hibernate ORM versions before 5.4.24.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:15:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
},
{
"name": "DSA-4908",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hibernate-core",
"version": {
"version_data": [
{
"version_value": "Hibernate ORM versions before 5.4.24.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
},
{
"name": "DSA-4908",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"
},
{
"name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25638",
"datePublished": "2020-12-02T14:36:24",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:35.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-2471
Vulnerability from cvelistv5
Published
2021-10-20 10:49
Modified
2024-09-25 19:39
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | MySQL Connectors |
Version: 8.0.26 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:15:14.455458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:39:53.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Connectors",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.26 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:36:38",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Connectors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.26 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2471",
"datePublished": "2021-10-20T10:49:38",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-25T19:39:53.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28491
Vulnerability from cvelistv5
Published
2021-02-18 15:50
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
References
| ▼ | URL | Tags |
|---|---|---|
| https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329 | x_refsource_MISC | |
| https://github.com/FasterXML/jackson-dataformats-binary/issues/186 | x_refsource_MISC | |
| https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | com.fasterxml.jackson.dataformat:jackson-dataformat-cbor |
Version: 0 < unspecified Version: unspecified < 2.11.4 Version: 2.12.0-rc1 < unspecified Version: unspecified < 2.12.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.12.0-rc1",
"versionType": "custom"
},
{
"lessThan": "2.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cowtowncoder"
}
],
"datePublic": "2021-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:17:12",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-02-18T15:46:36.779241Z",
"ID": "CVE-2020-28491",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
},
{
"version_affected": "\u003c",
"version_value": "2.11.4"
},
{
"version_affected": "\u003e=",
"version_value": "2.12.0-rc1"
},
{
"version_affected": "\u003c",
"version_value": "2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cowtowncoder"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"name": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28491",
"datePublished": "2021-02-18T15:50:15.260223Z",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-09-16T20:16:27.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37137
Vulnerability from cvelistv5
Published
2021-10-19 00:00
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | The Netty project | Netty |
Version: unspecified < 4.1.68Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:02.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
},
{
"name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netty",
"vendor": "The Netty project",
"versions": [
{
"lessThan": "4.1.68Final",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
},
{
"name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-37137",
"datePublished": "2021-10-19T00:00:00",
"dateReserved": "2021-07-20T00:00:00",
"dateUpdated": "2024-08-04T01:16:02.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38153
Vulnerability from cvelistv5
Published
2021-09-22 09:05
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Kafka |
Version: Apache Kafka 2.0.x < Version: Apache Kafka 2.1.x < Version: Apache Kafka 2.2.x < Version: Apache Kafka 2.3.x < Version: Apache Kafka 2.4.x < Version: Apache Kafka 2.5.x < Version: Apache Kafka 2.6.x < Version: Apache Kafka 2.7.x < Version: Apache Kafka 2.8.x < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:15.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Kafka",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "Apache Kafka 2.0.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "Apache Kafka 2.1.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.2.2",
"status": "affected",
"version": "Apache Kafka 2.2.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "Apache Kafka 2.3.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.1",
"status": "affected",
"version": "Apache Kafka 2.4.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.1",
"status": "affected",
"version": "Apache Kafka 2.5.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "Apache Kafka 2.6.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.1",
"status": "affected",
"version": "Apache Kafka 2.7.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "Apache Kafka 2.8.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Kafka would like to thank J. Santilli for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."
}
],
"metrics": [
{
"other": {
"content": {
"other": "moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:31:36",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing Attack Vulnerability for Apache Kafka Connect and Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-38153",
"STATE": "PUBLIC",
"TITLE": "Timing Attack Vulnerability for Apache Kafka Connect and Clients"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Kafka",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.0.x",
"version_value": "2.0.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.1.x",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.2.x",
"version_value": "2.2.2"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.3.x",
"version_value": "2.3.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.4.x",
"version_value": "2.4.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.5.x",
"version_value": "2.5.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.6.x",
"version_value": "2.6.2"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.7.x",
"version_value": "2.7.1"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Kafka 2.8.x",
"version_value": "2.8.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Kafka would like to thank J. Santilli for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kafka.apache.org/cve-list",
"refsource": "MISC",
"url": "https://kafka.apache.org/cve-list"
},
{
"name": "[kafka-dev] 20211007 Re: CVE Back Port?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211012 [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211012 [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20211026 Re: [kafka-clients] [VOTE] 2.7.2 RC0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c@%3Cdev.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-38153",
"datePublished": "2021-09-22T09:05:11",
"dateReserved": "2021-08-06T00:00:00",
"dateUpdated": "2024-08-04T01:37:15.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4853
Vulnerability from cvelistv5
Published
2023-09-20 09:47
Modified
2024-11-23 01:02
Severity ?
EPSS score ?
Summary
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Openshift Serverless 1 on RHEL 8 |
Unaffected: 0:1.9.2-3.el8 < * cpe:/a:redhat:serverless:1.0::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:5170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5170"
},
{
"name": "RHSA-2023:5310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5310"
},
{
"name": "RHSA-2023:5337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5337"
},
{
"name": "RHSA-2023:5446",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5446"
},
{
"name": "RHSA-2023:5479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5479"
},
{
"name": "RHSA-2023:5480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5480"
},
{
"name": "RHSA-2023:6107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6107"
},
{
"name": "RHSA-2023:6112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6112"
},
{
"name": "RHSA-2023:7653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4853"
},
{
"name": "RHSB-2023-002",
"tags": [
"technical-description",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-002"
},
{
"name": "RHBZ#2238034",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:serverless:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-clients",
"product": "Openshift Serverless 1 on RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.9.2-3.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-vertx-http",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-keycloak-authorization",
"product": "Red Hat build of Quarkus 2.13.8.SP2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.8.Final-redhat-00005",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-undertow",
"product": "Red Hat build of Quarkus 2.13.8.SP2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.8.Final-redhat-00005",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:2.13"
],
"defaultStatus": "affected",
"packageName": "io.quarkus/quarkus-vertx-http",
"product": "Red Hat build of Quarkus 2.13.8.SP2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.13.8.Final-redhat-00005",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:camel_quarkus:2.13"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-vertx-http",
"product": "Red Hat Camel Extensions for Quarkus 2.13.3-1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/client-kn-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.9.2-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/ingress-rhel8-operator",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.1-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/knative-rhel8-operator",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.1-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/kn-cli-artifacts-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.9.2-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/serverless-operator-bundle",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.1-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/serverless-rhel8-operator",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.1-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1/svls-must-gather-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.1-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.0-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1-tech-preview/logic-swf-builder-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.0-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.30::el8"
],
"defaultStatus": "affected",
"packageName": "openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8",
"product": "Red Hat OpenShift Serverless 1.30",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.0-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-kogito-builder-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.4-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-kogito-rhel8-operator",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.4-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-kogito-rhel8-operator-bundle",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.4-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7/rhpam-kogito-runtime-jvm-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.4-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhosemc:1.0::el8"
],
"defaultStatus": "affected",
"packageName": "rhpam-7-tech-preview/rhpam-kogito-runtime-native-rhel8",
"product": "RHEL-8 based Middleware Containers",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7.13.4-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:camel_k:1"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-vertx-http",
"product": "RHINT Camel-K-1.10.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:service_registry:2.5"
],
"defaultStatus": "unaffected",
"packageName": "quarkus-vertx-http",
"product": "RHINT Service Registry 2.5.4 GA",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
],
"defaultStatus": "unaffected",
"product": "RHPAM 7.13.4 async",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"packageName": "quarkus-vertx-http",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
}
],
"datePublic": "2023-09-08T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-148",
"description": "Improper Neutralization of Input Leaders",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T01:02:43.871Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:5170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5170"
},
{
"name": "RHSA-2023:5310",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5310"
},
{
"name": "RHSA-2023:5337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5337"
},
{
"name": "RHSA-2023:5446",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5446"
},
{
"name": "RHSA-2023:5479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5479"
},
{
"name": "RHSA-2023:5480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5480"
},
{
"name": "RHSA-2023:6107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6107"
},
{
"name": "RHSA-2023:6112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6112"
},
{
"name": "RHSA-2023:7653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4853"
},
{
"name": "RHSB-2023-002",
"tags": [
"technical-description",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-002"
},
{
"name": "RHBZ#2238034",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238034"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Quarkus: http security policy bypass",
"workarounds": [
{
"lang": "en",
"value": "Use a \u2018deny\u2019 wildcard for base paths, then authenticate specifics within that:\n\nExamples:\n```\ndeny: /*\nauthenticated: /services/*\n```\nor\n```\ndeny: /services/*\nroles-allowed: /services/rbac/*\n```\n\nNOTE: Products are only vulnerable if they use (or allow use of) path-based HTTP policy configuration. Products may also be affected\u2013shipping the component in question\u2013without being vulnerable (\u201caffected at reduced impact\u201d).\n\nSee https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 for more detailed mitigations."
}
],
"x_redhatCweChain": "CWE-148: Improper Neutralization of Input Leaders"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4853",
"datePublished": "2023-09-20T09:47:32.150Z",
"dateReserved": "2023-09-08T16:10:38.379Z",
"dateUpdated": "2024-11-23T01:02:43.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43797
Vulnerability from cvelistv5
Published
2021-12-09 00:00
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.1.7.0.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to \"sanitize\" header names before it forward these to another remote system when used as proxy. This remote system can\u0027t see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
},
{
"url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
],
"source": {
"advisory": "GHSA-wx5j-54mm-rqqq",
"discovery": "UNKNOWN"
},
"title": "HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43797",
"datePublished": "2021-12-09T00:00:00",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21363
Vulnerability from cvelistv5
Published
2022-01-19 11:25
Modified
2024-09-24 20:18
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Oracle Corporation | MySQL Connectors |
Version: 8.0.27 and prior |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:38:55.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T17:38:01.377149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T20:18:47.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Connectors",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.27 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T11:25:43",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Connectors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.27 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.6",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21363",
"datePublished": "2022-01-19T11:25:44",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T20:18:47.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-26291
Vulnerability from cvelistv5
Published
2021-04-23 14:20
Modified
2024-08-03 20:19
Severity ?
EPSS score ?
Summary
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Maven |
Version: Apache Maven < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"name": "[maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c%40%3Cdev.maven.apache.org%3E"
},
{
"name": "[maven-users] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"name": "[oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/23/5"
},
{
"name": "[announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736%40%3Cannounce.apache.org%3E"
},
{
"name": "[jena-dev] 20210428 FYI: Maven CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457%40%3Cdev.jena.apache.org%3E"
},
{
"name": "[jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381%40%3Cdev.jena.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [GitHub] [kafka] dongjinleekr opened a new pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Assigned] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [GitHub] [kafka] omkreddy merged pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.6 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.8 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.7 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210720 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 opened a new pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20210809 [jira] [Commented] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 merged pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] jihoonson commented on pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Maven",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.8.1",
"status": "affected",
"version": "Apache Maven",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Maven would like to thank Jonathan Leitschuh for highlighting the need for this change."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Maven will follow repositories that are defined in a dependency\u2019s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unexpected Behavior",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:26:44",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"name": "[maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c%40%3Cdev.maven.apache.org%3E"
},
{
"name": "[maven-users] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"name": "[oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/23/5"
},
{
"name": "[announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736%40%3Cannounce.apache.org%3E"
},
{
"name": "[jena-dev] 20210428 FYI: Maven CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457%40%3Cdev.jena.apache.org%3E"
},
{
"name": "[jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381%40%3Cdev.jena.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [GitHub] [kafka] dongjinleekr opened a new pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Assigned] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [GitHub] [kafka] omkreddy merged pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.6 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.8 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.7 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002%40%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210720 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 opened a new pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20210809 [jira] [Commented] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 merged pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] jihoonson commented on pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac%40%3Cdev.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"source": {
"defect": [
"MNG-7118"
],
"discovery": "UNKNOWN"
},
"title": "block repositories using http by default",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-26291",
"STATE": "PUBLIC",
"TITLE": "block repositories using http by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Maven",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Maven",
"version_value": "3.8.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Maven would like to thank Jonathan Leitschuh for highlighting the need for this change."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Maven will follow repositories that are defined in a dependency\u2019s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unexpected Behavior"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"name": "[maven-dev] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c@%3Cdev.maven.apache.org%3E"
},
{
"name": "[maven-users] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00@%3Cusers.maven.apache.org%3E"
},
{
"name": "[oss-security] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/23/5"
},
{
"name": "[announce] 20210423 CVE-2021-26291: Apache Maven: block repositories using http by default",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736@%3Cannounce.apache.org%3E"
},
{
"name": "[jena-dev] 20210428 FYI: Maven CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457@%3Cdev.jena.apache.org%3E"
},
{
"name": "[jena-dev] 20210429 Re: FYI: Maven CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381@%3Cdev.jena.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210520 [jira] [Created] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [GitHub] [kafka] dongjinleekr opened a new pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210520 [jira] [Assigned] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [GitHub] [kafka] omkreddy merged pull request #10739: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.6 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.8 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20210521 [jira] [Resolved] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-commits] 20210521 [kafka] branch 2.7 updated: KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002@%3Ccommits.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210718 [jira] [Created] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210719 [jira] [Assigned] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210720 [jira] [Commented] (KARAF-7224) Impact of CVE-2021-26291 on Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 opened a new pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20210809 [jira] [Commented] (KAFKA-12820) Upgrade maven-artifact dependency to resolve CVE-2021-26291",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] abhishekagarwal87 merged pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210809 [GitHub] [druid] jihoonson commented on pull request #11562: suppress CVE-2021-26291 on kafka-clients",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"
},
{
"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5@%3Cdev.kafka.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5@%3Cdev.kafka.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac@%3Cdev.kafka.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac@%3Cdev.kafka.apache.org%3E"
},
{
"name": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
},
"source": {
"defect": [
"MNG-7118"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-26291",
"datePublished": "2021-04-23T14:20:13",
"dateReserved": "2021-01-27T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25633
Vulnerability from cvelistv5
Published
2020-09-18 18:10
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat | resteasy-client |
Version: through 4.5.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:35.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "resteasy-client",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "through 4.5.6 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server\u0027s potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:10:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy-client",
"version": {
"version_data": [
{
"version_value": "through 4.5.6 "
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server\u0027s potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25633",
"datePublished": "2020-09-18T18:10:44",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:35.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0981
Vulnerability from cvelistv5
Published
2022-03-23 19:46
Modified
2024-08-02 23:47
Severity ?
EPSS score ?
Summary
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2062520 | x_refsource_MISC | |
| https://github.com/quarkusio/quarkus/issues/23269 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quarkusio/quarkus/issues/23269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "quarkus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "quarkus 2.7.1.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-23T19:46:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quarkusio/quarkus/issues/23269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "quarkus",
"version": {
"version_data": [
{
"version_value": "quarkus 2.7.1.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
},
{
"name": "https://github.com/quarkusio/quarkus/issues/23269",
"refsource": "MISC",
"url": "https://github.com/quarkusio/quarkus/issues/23269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0981",
"datePublished": "2022-03-23T19:46:41",
"dateReserved": "2022-03-15T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28170
Vulnerability from cvelistv5
Published
2021-05-26 21:55
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse-ee4j/el-ri/issues/155 | x_refsource_CONFIRM | |
| https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | The Eclipse Foundation | Jakarta Expression Language Implementation |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jakarta Expression Language Implementation",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 3.0.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:35",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jakarta Expression Language Implementation",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.0.3"
},
{
"version_affected": "?\u003e",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse-ee4j/el-ri/issues/155",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/",
"refsource": "CONFIRM",
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2021-28170",
"datePublished": "2021-05-26T21:55:09",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-08-03T21:40:12.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42004
Vulnerability from cvelistv5
Published
2022-10-02 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-27T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42004",
"datePublished": "2022-10-02T00:00:00",
"dateReserved": "2022-10-02T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1714
Vulnerability from cvelistv5
Published
2020-05-13 18:25
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714 | x_refsource_CONFIRM | |
| https://github.com/keycloak/keycloak/pull/7053 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/keycloak/keycloak/pull/7053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 11.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T18:25:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/keycloak/keycloak/pull/7053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "before 11.0.0"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"
},
{
"name": "https://github.com/keycloak/keycloak/pull/7053",
"refsource": "CONFIRM",
"url": "https://github.com/keycloak/keycloak/pull/7053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1714",
"datePublished": "2020-05-13T18:25:56",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4116
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "quarkus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "quarkus-2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote COde Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4116",
"datePublished": "2022-11-22T00:00:00",
"dateReserved": "2022-11-22T00:00:00",
"dateUpdated": "2024-08-03T01:27:54.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37136
Vulnerability from cvelistv5
Published
2021-10-19 00:00
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | The Netty project | Netty |
Version: unspecified < 4.1.68Final |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:02.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
},
{
"name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Netty",
"vendor": "The Netty project",
"versions": [
{
"lessThan": "4.1.68Final",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
},
{
"name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"name": "DSA-5316",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2021-37136",
"datePublished": "2021-10-19T00:00:00",
"dateReserved": "2021-07-20T00:00:00",
"dateUpdated": "2024-08-04T01:16:02.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8908
Vulnerability from cvelistv5
Published
2020-12-10 22:10
Modified
2024-08-04 10:12
Severity ?
EPSS score ?
Summary
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Google LLC | Guava |
Version: 1.0 < 32.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/google/guava/issues/4011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch master updated: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz edited a comment on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] cgivre commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210619 [GitHub] [drill] luocooong commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Updated] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi opened a new pull request #3561: Yarn 10980",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hive-dev] 20211018 [jira] [Created] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi edited a comment on pull request #3561: YARN-10980:fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Updated] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Work logged] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Comment Edited] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hive-gitbox] 20211018 [GitHub] [hive] lujiefsi opened a new pull request #2725: HIVE-25617:fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Commented] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Created] (GEODE-9744) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug like CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) like CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pig-dev] 20211021 [GitHub] [pig] lujiefsi opened a new pull request #36: PIG-5417:Replace guava\u0027s Files.createTempDir()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guava",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "32.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jonathan Leitschuh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime\u0027s java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\u003c/p\u003e"
}
],
"value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime\u0027s java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T09:48:41.702Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/google/guava/issues/4011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch master updated: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz edited a comment on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] cgivre commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210619 [GitHub] [drill] luocooong commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Updated] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi opened a new pull request #3561: Yarn 10980",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hive-dev] 20211018 [jira] [Created] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi edited a comment on pull request #3561: YARN-10980:fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Updated] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Work logged] (HIVE-25617) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Comment Edited] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hive-gitbox] 20211018 [GitHub] [hive] lujiefsi opened a new pull request #2725: HIVE-25617:fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Commented] (YARN-10980) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Created] (GEODE-9744) fix CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug like CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) like CVE-2020-8908",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pig-dev] 20211021 [GitHub] [pig] lujiefsi opened a new pull request #36: PIG-5417:Replace guava\u0027s Files.createTempDir()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Temp directory permission issue in Guava",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2020-8908",
"STATE": "PUBLIC",
"TITLE": "Temp directory permission issue in Guava"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Guava",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "stable",
"version_value": "9.09.15"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime\u0027s java.io.tmpdir system property to point to a location whose permissions are appropriately configured."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-378: Creation of Temporary File With Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/guava/issues/4011",
"refsource": "CONFIRM",
"url": "https://github.com/google/guava/issues/4011"
},
{
"name": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40",
"refsource": "CONFIRM",
"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch master updated: Updating Guava to 30.1 due to CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E"
},
{
"name": "[ws-commits] 20210104 [ws-wss4j] branch 2_3_x-fixes updated: Updating Guava to 30.1 due to CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 03/04: Updating Guava to 30.1 due to CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210104 [cxf] 02/02: Updating Guava to 30.1 due to CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[myfaces-dev] 20210506 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #817: build: CVE fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E"
},
{
"name": "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz edited a comment on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] ssainz commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210618 [GitHub] [drill] cgivre commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210619 [GitHub] [drill] luocooong commented on issue #2260: CVE-2020-8908 in Guava v.28.2-jre, should upgrade to v.30.1.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Updated] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi opened a new pull request #3561: Yarn 10980",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Created] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-dev] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"name": "[hive-dev] 20211018 [jira] [Created] (HIVE-25617) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211018 [GitHub] [hadoop] lujiefsi edited a comment on pull request #3561: YARN-10980:fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Updated] (HIVE-25617) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211018 [jira] [Work logged] (HIVE-25617) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Comment Edited] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Resolved] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[hive-gitbox] 20211018 [GitHub] [hive] lujiefsi opened a new pull request #2725: HIVE-25617:fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hadoop-yarn-issues] 20211018 [jira] [Commented] (YARN-10980) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Created] (GEODE-9744) fix CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug like CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) bug CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E"
},
{
"name": "[geode-issues] 20211018 [jira] [Updated] (GEODE-9744) like CVE-2020-8908",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pig-dev] 20211021 [GitHub] [pig] lujiefsi opened a new pull request #36: PIG-5417:Replace guava\u0027s Files.createTempDir()",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2020-8908",
"datePublished": "2020-12-10T22:10:58",
"dateReserved": "2020-02-12T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25724
Vulnerability from cvelistv5
Published
2021-05-26 20:52
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1899354 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210702-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "resteasy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "resteasy 2.0.0.Alpha3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-567",
"description": "CWE-567",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T11:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resteasy",
"version": {
"version_data": [
{
"version_value": "resteasy 2.0.0.Alpha3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-567"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210702-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210702-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25724",
"datePublished": "2021-05-26T20:52:06",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1728
Vulnerability from cvelistv5
Published
2020-04-06 13:04
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keycloak",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T13:04:23",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.8/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1728",
"datePublished": "2020-04-06T13:04:23",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-21409
Vulnerability from cvelistv5
Published
2021-03-30 15:05
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:16.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.61.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:24:02",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"advisory": "GHSA-f256-j965-7f32",
"discovery": "UNKNOWN"
},
"title": "Possible request smuggling in HTTP/2 due missing validation of content-length",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21409",
"STATE": "PUBLIC",
"TITLE": "Possible request smuggling in HTTP/2 due missing validation of content-length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netty",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.61.Final"
}
]
}
}
]
},
"vendor_name": "netty"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"refsource": "MISC",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"name": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"refsource": "MISC",
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"advisory": "GHSA-f256-j965-7f32",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21409",
"datePublished": "2021-03-30T15:05:17",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:16.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2466
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/quarkusio/quarkus/issues/26748 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quarkusio/quarkus/issues/26748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "quarkus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "quarkus 2.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T15:33:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quarkusio/quarkus/issues/26748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "quarkus",
"version": {
"version_data": [
{
"version_value": "quarkus 2.10.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quarkusio/quarkus/issues/26748",
"refsource": "MISC",
"url": "https://github.com/quarkusio/quarkus/issues/26748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2466",
"datePublished": "2022-08-31T15:33:01",
"dateReserved": "2022-07-19T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0481
Vulnerability from cvelistv5
Published
2023-02-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/quarkusio/quarkus/pull/30694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Quarkus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 2.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/quarkusio/quarkus/pull/30694"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0481",
"datePublished": "2023-02-24T00:00:00",
"dateReserved": "2023-01-24T00:00:00",
"dateUpdated": "2024-08-02T05:10:56.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202012-1529
Vulnerability from variot
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)
-
xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
-
xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
-
xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
-
xstream: ReDoS vulnerability (CVE-2021-21348)
-
xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)
-
xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
-
xstream: SSRF via crafted input stream (CVE-2021-21342)
-
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
-
xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)
-
xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)
-
xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
The References section of this erratum contains a download link (you must log in to download the update). See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1427
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update Advisory ID: RHSA-2020:5342-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:5342 Issue date: 2020-12-03 CVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)
-
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
-
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - GSS Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - GSS Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - GSS Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8 JBEAP-20239 - GSS Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - GSS Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - GSS Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final
- Package List:
Red Hat JBoss EAP 7.3 for BaseOS-8:
Source: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm eap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm eap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm eap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm eap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083 iv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv ykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa 7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc +yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06 xBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg XRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7 n29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC ga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba HcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y QkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO B8NkNn8eYYs=+qXq -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
You must restart the JBoss server process for the update to take effect
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "agile product lifecycle management integration pack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.10.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.5.0"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "iotdb",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "0.12.0"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.4"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quarkus",
"scope": "lte",
"trust": 1.0,
"vendor": "quarkus",
"version": "1.6.1"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.10.5.1"
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.7"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "oncommand api services",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "quarkus",
"scope": null,
"trust": 0.8,
"vendor": "quarkus",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.10.5.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.7",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.4",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.12.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "159973"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160349"
},
{
"db": "PACKETSTORM",
"id": "159767"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25649",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-179648",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25649",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25649",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-179648",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25649",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only\nerrata is to inform you about the security issues fixed in this release. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the\nXMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the\nprocessed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input\nstream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling\n(CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when\nunmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data\nstreams from an arbitrary URL referencing a resource in an intranet or the\nlocal host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by\nmanipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21347)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21346)\n\n* xstream: allow a remote attacker who has sufficient rights to execute\ncommands of the host only by manipulating the processed input stream\n(CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream\n(CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n\n5. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1427\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\n\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update\nAdvisory ID: RHSA-2020:5342-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5342\nIssue date: 2020-12-03\nCVE Names: CVE-2020-25638 CVE-2020-25644 CVE-2020-25649\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (CVE-2020-25649)\n\n* hibernate-core: SQL injection vulnerability when both\nhibernate.use_sql_comments and JPQL String literals are used\n(CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n(CVE-2020-25644)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016\nJBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat\nJBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001\nJBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final\nJBEAP-20223 - Tracker bug for the EAP 7.3.4 release for RHEL-8\nJBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final\nJBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final\nJBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final\nJBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002\nJBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile\nJBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007\nJBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.src.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.src.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.src.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.src.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.src.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-6.redhat_00016.1.el8eap.noarch.rpm\neap7-fge-btf-1.2.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-fge-msg-simple-1.1.0-1.redhat_00007.1.el8eap.noarch.rpm\neap7-hal-console-3.2.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.21-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-coreutils-1.6.0-1.redhat_00006.1.el8eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-3.redhat_00002.1.el8eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jasypt-1.9.3-1.redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-marshalling-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-marshalling-river-2.0.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-remoting-5.0.19-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-3.Final_redhat_00004.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.11-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.32-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.4-3.GA_redhat_00003.1.el8eap.noarch.rpm\neap7-wildfly-openssl-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-1.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-25638\nhttps://access.redhat.com/security/cve/CVE-2020-25644\nhttps://access.redhat.com/security/cve/CVE-2020-25649\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX8k7Y9zjgjWX9erEAQgaMA/8D6uRPrTX/XmXtkeZw9Y9yMoLHIYpl083\niv71vIyCkmQXHFmsYidw0jI6euRhHmihMY5DMyci3zAHqa7KbX1pqQsXWPIvWVnv\nykpkGtPGUoqlJU7FDZq00Vk+/bykOEIcAmBJJCoNuLAS09gub2l2UPD3QGC1cZfa\n7ziYlGTufSOYN6RInoSGiOgqUpYQzF35oZT2Vwc5b92ZGx6rj08vrCGNmF9SXRYc\n+yy1IIVGMdYe/1IEcpq936F8AKxJYiqyhsLP4orkt1GxC5P8RGnGvUoIwZmrDq06\nxBPP44WmbAmFu8t3hcBUBs+ewzAc9swmy7ZKu8yuJfmxcDlyz/pVpPg8tLfCZRbg\nXRekSfvEzRw6lidGv5vMqUUoRxJd5LicaWSW93jus01UahLVMTGyPMAVHcdeP1P7\nn29R5ZNWk5e9cWCmTL10T3+6Rf4brnbUf09mCsgSwSsuejCoxdD0JLaC0z953cqC\nga5z8xSYtXmQdhOKZIhQ17el2Prdw82Vw11dNFvN3AsQMu3exSOp+MAhh9bs5/Ba\nHcvSdryXIkEy/3atBUZxoDZu6ZJRHB0yWuk3CsvoW3lJuBGhVS1Wah+9g8Lq0H5y\nQkpRwaCU+SxNXG+VAq59ZP8jKyl87mMzRQ4w0touglb/YqSZfp2dpAqC5t8zPfeO\nB8NkNn8eYYs=+qXq\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nYou must restart the JBoss server process for the update to take effect",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "159973"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160349"
},
{
"db": "PACKETSTORM",
"id": "159767"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25649",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160349",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160346",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162478",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159973",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162696",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163201",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159767",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160347",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159680",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161261",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160535",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202010-622",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-179648",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-25649",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "159973"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160349"
},
{
"db": "PACKETSTORM",
"id": "159767"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"id": "VAR-202012-1529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:57:50.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-111",
"trust": 0.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2589"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204401 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205410 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204402 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Eclipse Vert.x 3.9.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204379 - security advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204312 - security advisory"
},
{
"title": "Red Hat: Low: RHV-M(ovirt-engine) 4.4.z security, bug fix, enhancement update [ovirt-4.4.4]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210381 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205341 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205340 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205342 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205344 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205533 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.7.2 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205361 - security advisory"
},
{
"title": "IBM: Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by vulnerability in jackson-databind (CVE-2020-25649)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5d8938176e857437de15675453ad2b9a"
},
{
"title": "IBM: Security Bulletin: A vulnerability have been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e73bd45b3af488f816a21700b2fd0ee8"
},
{
"title": "IBM: Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=83af1574b941aa6afccbfb11a9d6dd60"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0169ebe66d0191409c7149d7151593fb"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-111"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "sbom-utility",
"trust": 0.1,
"url": "https://github.com/cyclonedx/sbom-utility "
},
{
"title": "Apache JMeter",
"trust": 0.1,
"url": "https://github.com/mosaic-hgw/jmeter "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pctf/vulnerable-app "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
},
{
"problemtype": "XML Improper restrictions on external entity references (CWE-611) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25649"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"trust": 1.1,
"url": "https://github.com/fasterxml/jackson-databind/issues/2589"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3ccommits.turbine.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3cdev.knox.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3ccommits.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3cnotifications.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3cuser.spark.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3cdev.knox.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25649"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25638"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3ccommits.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3cnotifications.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3cdev.knox.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3cdev.knox.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3cuser.spark.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3ccommits.turbine.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2475"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.eclipse.vertx\u0026version=3.9.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4401"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "159973"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160349"
},
{
"db": "PACKETSTORM",
"id": "159767"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "159973"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160349"
},
{
"db": "PACKETSTORM",
"id": "159767"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-179648"
},
{
"date": "2020-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"date": "2021-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"date": "2021-05-19T14:19:36",
"db": "PACKETSTORM",
"id": "162696"
},
{
"date": "2021-06-17T18:16:15",
"db": "PACKETSTORM",
"id": "163201"
},
{
"date": "2020-12-03T20:27:14",
"db": "PACKETSTORM",
"id": "160346"
},
{
"date": "2020-11-09T19:20:13",
"db": "PACKETSTORM",
"id": "159973"
},
{
"date": "2021-05-06T01:15:29",
"db": "PACKETSTORM",
"id": "162478"
},
{
"date": "2020-12-03T20:27:59",
"db": "PACKETSTORM",
"id": "160349"
},
{
"date": "2020-10-29T14:40:25",
"db": "PACKETSTORM",
"id": "159767"
},
{
"date": "2020-12-03T17:15:12.503000",
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-179648"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25649"
},
{
"date": "2021-07-20T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"date": "2023-11-07T03:20:18.977000",
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162696"
},
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "160349"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "160346"
},
{
"db": "PACKETSTORM",
"id": "160349"
}
],
"trust": 0.2
}
}
var-202110-1706
Vulnerability from variot
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. The purpose of this text-only errata is to inform you about the security issues fixed. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - GSS Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - GSS Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - GSS Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - GSS Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - PM JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - GSS Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - GSS Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.12 Release Advisory ID: RHSA-2022:8506-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:8506 Issue date: 2022-11-16 CVE Names: CVE-2021-37136 CVE-2021-37137 CVE-2022-22818 CVE-2022-24836 CVE-2022-25648 CVE-2022-29970 CVE-2022-32209 CVE-2022-34265 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components.
- Relevant releases/architectures:
Red Hat Satellite 6.12 for RHEL 8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * python3-django: Possible XSS via template tag (CVE-2022-22818) * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836) * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970) * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648) * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209) * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document.
- Solution:
For Red Hat Satellite 6.12, see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12
The important instructions on how to upgrade are available below. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite
- Bugs fixed (https://bugzilla.redhat.com/):
1309740 - [RFE] As a user, I want to schedule a job and receive an e-mail summary when it completes
1703496 - Satellite audits cleanup
1732590 - Cannot add filter on same RPM name with different architectures
1775813 - A publish content view displays (Invalid Date) for the date and time of when the content view was published.
1829468 - [RFE] Be able to retrieve the software vendor package from the installed package
1830968 - [RFE] API should return simple results to understand if the repositories for hosts are enabled or not.
1834897 - [RFE] Remove the configuration 'env=Library' created by the virt-who configuration plugin in the Satellite WebUI
1850393 - [RFE] REX Pull Provider
1868175 - Red Hat Satellite should notify about published content view while removing Lifecycle environment
1868323 - "Confirm services restart" modal window grammatically does not respect that multiple systems are selected for a reboot
1870816 - Deploy script breaks when the password of hypervisor contains single quotes
1879811 - [ALL_LANG] [SAT_6.8 | 6.9 | 6.10|6.11 ] Web elements are not localized (Available Button, ON/OFF Switch Button)
1884148 - description of filter_host_parents does not match virt-who-config
1892218 - Multi-page listing when adding repositories to Content Views confuses the number of repositories to add
1892752 - Scheduled job "Create RSS notifications" does not use proxy
1894033 - [RFE] Add SSH User field to Advanced Fields in Job Invocation of SSH Command - remote_execution_ssh_user per Remote Execution task
1908841 - Capsule certs regeneration fails with an error if the organization has a ' in the name
1912941 - Verbose log outputs for Ansible jobs are reported to all Hosts present on the Job.
1925165 - [RFE] Unordered RPMs in repodata decrease compression efficiency
1930577 - when running ReX via SSH on 2242 hosts, got "Timed out reading data from server"
1931532 - When running remote execution from Satellite to an RHEL 8 with tlog enabled it fails.
1931665 - Need clearer error message when manifest is no longer valid when syncing inventory
1934210 - Bad HTTP method requests filling up /var/log/messages with stack traces
1938092 - [RFE] Insights recommendations should have url links for related knowledgebase article and c.r.c.
1940396 - [RFE] Introduction of GUI based option to be able to bulk select and remove Content View versions in Red Hat Satellite 6
1951542 - Insights Table doesnt translate the pagination strings
1952939 - [RFE] Support for Satellite Tools version-1 repository is version.
1959136 - Backtick in password causes failure during deployment of virt-who config.
1962253 - Global registration succeeded but throwing error messages when auto-attach is true
1964080 - [BUG] The != and ~ search params does not work with os_minor parameter in Satellite 6.9
1970132 - [BUG] Invalid choice for template_kind listed for os_default_template module
1970623 - [BUG] Error Can't join 'Katello::ContentFacetRepository' to association named 'hostgroup' when clicking on "Errata Installation" inside a host_collection as a non-admin user
1971747 - "Registered Content Hosts" Report is Showing the Wrong Available Kernel Version for RHEL 7.7 Client
1973329 - Provide upstream repository name value to allow a name change on the repository to not break Satellite if an enabled repository's name gets changed
1974180 - Default user input value is not set for job invocation
1981444 - "Subscription - Entitlement Report" does not show correct number of subscriptions attached/consumed
1982698 - Ansible playbook execution crash for Hosts: localhost
1982745 - Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup
1984400 - Capsule upgrade/install fails due to proxy configuration in 'HTTP(S) proxy' in settings
1989631 - Ruby warning: URI.escape is obsolete after the host is provisioned
1990119 - Documentation bug for the compute_resource module
1991557 - Many Postgres ERRORs (duplicate key) especially on RedHat repo sync
1994877 - [RFE] Example is missing in "Install packages" option in the Advanced Tab of "Register Host" form.
1994945 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error
1998477 - Add Simple content access status API to check whether SCA is enabled or disabled in Satellite
2000613 - The login page exposes version of the satellite
2001517 - [RFE] Allow "on_demand" download policy for repositories of content_type docker
2001552 - Host facts are not uploaded to satellite when content host is registered with Satellite using global registration form.
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2006974 - [ALL_LANG] [SAT_6.10 | 6.11] 'No matches found' text is untranslated in search bar
2007117 - [ ALL_LANG] [SAT_6.10 | 6.11] 'Filter' string from switcher section search box is not marked as translatable string
2011312 - Misspelled word in tooltip "Toggel" instead of "Toggle"
2013611 - Hammer compute-profile create missing 'boot_order' from 'compute-attributes'
2015062 - Scap Content Page redirects to Satellite documentation instead of Scap Content
2015757 - 'Mail enabled' setting cannot be switched with the hammer user command.
2016924 - The value set by 'hammer activation-key content-override'command cannot be confirmed by 'hammer activation-key info' command.
2022065 - ansible modules don't work correctly when a HTTP?HTTPS redirect occurs
2022649 - Hammer unable to send correct value for for Job Templates in order to update ALL packages.
2024175 - [RFE] Include Tower extra vars feature when calling the API callback
2024576 - Extra audit record created on Organization create action
2024968 - [RFE] Expose parameter trusted_proxies on satellite-installer
2025892 - [RFE] Allow configuring cockpit with multiple origins through satellite-installer
2025926 - [RFE] Identify host Build Token using hammer
2027947 - HypervisorHeartbeatUpdateJob is taking long time to process and updates wrong consumer records
2028112 - Ansible roles are failed with exit status 0 but the job is showing status success and the task is also showing result success.
2033321 - Manifest refresh fails on Candlepin: One or more pools was left in an undefined state
2033381 - Remove the space at the end of foreman-proxy-certs-generate printed installer cmd
2035287 - The online backup attempt still shows a warning about mongodb when executed in Satellite 6.10
2036151 - Can't assign different networks on 2+ NICs with vNIC profiles selected
2038989 - [RFE] Satellite Security Concerns for Apache
2043126 - Non-enabled repository types make it into the apipie help-text
2043242 - [RFE] make worker show what task they are currently running
2048547 - When using async_ssh true and for some reason the script retrieve.sh fails to, the task remain stuck
2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag
2049595 - missing information about puppet attributes in API/CLI
2051648 - [RFE] Better Detail When Job Fails Due To SSH Problem
2051891 - vCPUs in RHV getting reset to one vCPU after editing a host in Satellite
2052076 - foreman-proxy does not log permissions errors when trying to read ssl_ca.pem
2053842 - The "Serve via HTTP" and "Verify SSL" options in Repo Discovery page does not functions at all in Satellite 7.0
2054011 - Submit button on Edit page of a host will revert back to a invalid page on Satellite
2054042 - [RFE] Logs in dynflow console needs more descriptive when SSH REX job fails on Satellite 7.
2054786 - {"publication":["Invalid hyperlink - Object does not exist."]} error when syncing a repository
2054969 - Navigation switch between multiple capsules don't work as expected
2055391 - After upgrade products with repositories that had Ignorable Content = drpm can no longer be modified
2055416 - redhat.satellite.content_upload ansible module with unexpected src parameter behavior
2055979 - [RFE] - use native Ansible module for Install from git job template
2056188 - The redesigned Host page in Satellite does not offers any option to invoke/schedule a remote execution job for a client system
2056702 - Import library with overlapping content can fail with unique-constraint violation
2058037 - UEFI: Grub network boot templates need to be updated
2059179 - job template selector missing id in the new rex wizard
2060651 - Cannot upload a package to a repository if the same package already exists in another repository, but is not downloaded
2062800 - OpenSCAP is using the removed puppetrun setting
2064979 - Clients can't subscribe to or enable Red Hat repositories after renewing subscriptions
2068454 - repositories/import_uploads API endpoint do require two mandatory parameters
2069306 - [RFE] Need syncable yum-format repository exports
2069440 - [RFE] new host ui details, upgrades to host status
2069634 - new host ui details, unable to read the host from different taxonomies when logged in
2070001 - Space reclaiming fails on a blank Satellite
2070535 - Content View publish fails with error PG::CardinalityViolation: ERROR: ON CONFLICT DO UPDATE command cannot affect row a second time.
2070732 - Use more accurate messaging when host statuses are cleared
2070972 - Sentence case fixes needed in the new Host page
2072696 - Creating ESX compute resource on vcenter 7.x fails with InvalidArgument: A specified parameter was not correct: deviceChange[1].device.key
2073305 - installer spams with katello-certs-check output when using custom certs
2074346 - CVE-2022-24836 nokogiri: ReDoS in HTML encoding detection
2075056 - new host ui details, repository sets, search auto-complete is missing
2076843 - CVE-2022-25648 ruby-git: package vulnerable to Command Injection via git argument injection
2077811 - new host ui, content, errata subtab, when N/A is chosen as severity filter erratas results are empty
2077822 - new host ui details, add button to navigate to old content UI
2077824 - [RFE] API to allow search by object ID on any object
2080324 - Satellite incorrectly reports email test success
2080423 - Docker pull fails with 'missing or empty Content-Length header'
2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
2084130 - CertificateCleanupJob fails with foreign key constraint violation on table cp_upstream_consumer
2085490 - Discovery and bootdisk templates don't get description populated from metadata
2088303 - Webhook raises "certificate verify failed" error even the target host is trusted by the system SSL CA bundle
2089445 - The About page under Administer still refers to IRC channel at Freenode
2089828 - default Organization and location not set for AD users
2091044 - new host ui details,ansible roles, submitting form without any roles should show warning
2092039 - Content import fails if repo labels differ and repo is already imported
2093884 - Every CV Publish+Promote action followed by an automated Capsule sync task generates a huge traceback "(ActiveRecord::RecordNotFound): Couldn't find ForemanTasks::Task::DynflowTask" in Satellite 6.11
2094019 - Missing LCE and CV label in CLI CDN configuration
2095187 - Fail to create virtwho config on nutanix env for error "Invalid option for hypervisor [ahv]"
2095820 - All errata are applied when user only selects certain errata
2096429 - Global Registration will fail if use a different language
2098240 - [RFE] Add 'System purpose' card to new host details / Overview tab
2099620 - Starting or Restarting foreman.socket will raise a harmless "TCP_NODELAY failed: Operation not supported" error in Red Hat Satellite 6.9/6.10/6.11
2100578 - satellite-clone should enable the Satellite module
2100887 - Repository sets and Errata tabs do not show toggle group when host is in Library environment but non-default content view
2101579 - Retain packages on Repository removes RPMs from Pulp but not from Katello
2101882 - CVE-2022-32209 rubygem-rails-html-sanitizer: possible xss with certain configurations
2101986 - Getting "NoPermission: Permission to perform this operation was denied." when edit host or compute profile
2102145 - 'Satellite-maintain backup online' states info about Mongo in the warning message
2102456 - [RFE] - Add static ouia-id to modal with wizard for publishing a cv
2102825 - satellite-clone fails to adjust ownership of /var/lib/pulp if it's owned by non-existing user/group
2102867 - Post upgrade to satellite 6.10, sync summary email notification shows the incorrect summary for newly added errata.
2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
2103096 - After syncing a repository, it doesn't sync to the capsule automatically.
2103099 - satellite-clone fails to restore online backup on RHEL8
2103102 - MemoryError when importing large repo to disconnected Satellite
2103106 - Attempt to disable a Red Hat Repository fails with error "Cannot delete record because of dependent library_instances_inverse" if the repository is part of any CV versions in Satellite 6.10
2103110 - undefined method find' for nil:NilClass when importing content that has gpg_keys associated to it
2103129 - RHEL 9 appstream and baseos not showing as recommended repositories
2103522 - Capsule sync fails with "Parsing interrupted: The repository metadata being synced into Pulp is erroneous in a way that makes it ambiguous (duplicate NEVRAs).."
2104401 - Improve speed of manifest refresh by running RefreshIfNeeded steps concurrently
2104498 - Unable to sync jfrog artifactory-pro-rpms repository
2105048 - Error 'modulemd-yaml-error-quark' while synchronizing fedora modular repository on Satellite 6.10.
2105107 - Data issue for users on RHEL7 syncing EL8+ EPEL or Fedora Modular repositories
2105144 - Scheduling a remote execution job through API calls are using UTC instead of timezone
2105299 - Email notification shows incorrect new errata after syncing an Epel repository
2105941 - After 6.10 to 6.11 upgrade on FIPS setup, repository sync operations fail with an error "[digital envelope routines: EVP_DigestInit_ex] disabled for fips"
2106000 - Manifest Refresh should ensure environment-content association
2106090 - Running smart-proxy-openscap-send command returns "Gemfile lists the gem rsec (< 1) more than once" on Satellite 6.10.
2106091 - Exclude filter may exclude errata and packages that are needed
2106092 - Manifest refresh randomly fails with "No such file or directory" when having multile dynflow workers
2106093 - Simplify self-upgrade mechanism
2106333 - Add Satellite and Capsule 6.12 upgrade scenarios
2106659 - Inconsistent packages versioning
2106691 - Satellite 6.12 still defaults to the legacy host UI
2106700 - Invocations fail with NoMethodError - undefined methodcode' if capsule loses script feature without satellite noticing
2106885 - Upgrade to Satellite 6.11 fails in db:seed state with error "ActiveRecord::RecordInvalid: Validation failed: Name has already been taken"
2107252 - Last item in Webhooks table is overflowing
2107572 - packaging request for pull provider dependencies
2107577 - execution of roles with missing modules doesn't fail the execution
2107701 - [Pulp 3] If a modulemd metadata artifact is missing from the filesystem but has an artifact_id associated with it in database, "Verify Content Checksum" cannot fix this problem
2108169 - foreman-maintain self-upgrade enables RH repos when custom repo mentioned with --maintenance-repo-label for RHEL8
2108611 - Broken link when accessing the Registration Doc from the Satellite register hosts screen
2108637 - Remote execution fails for SSH Default when Remote Execution configured for Kerberos Authentication
2108719 - Upgrading to Satellite 6.11 fails on db:migrate stage with error "null value in column "created_at" violates not-null constraint"
2109254 - Remove orphans task going to the paused state with error "Cannot delete some instances of model 'Repository' because they are referenced through protected foreign keys" on Red Hat Satellite 6.11
2109260 - When using immediate downloads and retain_package_versions=X, all packages are downloaded and many are immediately orphaned
2109298 - ModuleStreamErratumPackages aren't indexed at first repository syncing
2109421 - Sendmail package not present on RHEL8 and needs manual configuration
2109594 - After upgrading to Satellite 6.11 , foreman log is flooded with huge tracebacks related to "unknown class DockerRegistry, ignoring" and "unknown class Container, ignoring"
2109606 - Not able to enable repositories when FIPS is enabled.
2109810 - Search for string in n-v-r.a format fails for custom packages but not for Red Hat packages
2110003 - smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8
2110163 - Generate All Reports Job Fails After Upgrade to 6.11 with Missing Logger Method
2110222 - Insights client traffic through a Satellite 6.11 Capsule fails
2110731 - [ BUG ] Sync errata email notification is not workng in Satellite 6.11 whereas "Test Email" functions fine
2110872 - Moving between tabs generates "undefined method parent_task' for nil:NilClass"
2111038 - new host ui details,ansible roles, bug when all ansible roles are assigned
2111074 - After LEAPP upgrade katello_candlepin_port_t definition is missing
2111222 - Need a static ouia-id for the close button on the Confirmation Modal
2111373 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unassigned automatically
2111469 - Single host contains too many NICs
2111570 - AVC denials noticed for gunicorn process after upgrading the Satellite 6.11 OS from RHEL 7 to RHEL 8 using leapp
2111571 - Multiples of every module stream show in the web UI
2111578 - Rebooting Sat611 on RHEL8 removes all pulp logs
2111921 - [New Host UI] Ansible tab only shows "view all assigned roles" when at least one host specific role has been added
2112015 - After deploying custom certs on Satellite, signed by a new CA, capsule can't fetch on-demand content
2112093 - GUI shows "Capsule Authorization" disabled even if it was enabled during the creation of the webhook in Satellite 6.10
2112098 - Need to be able to provide custom cert for ISS for Red Hat CDN
2112436 - After initial build of a UEFI VM using Red Hat Satellite, the system fails to boot up with error "Partition with known EFI file not found" when VM Hardware version is 17 or above
2112979 - Don't ship foreman-proxy-selinux in capsule repos
2113013 - documentation button on capsule page goes to a broken link
2113905 - [RHSSO] [Installer][RHEL8]- RHSSO feature settings are not getting enabled and failed with HTTPD CONF issue .
2113946 - Mirroring complete ansible galaxy fails with the following message: 'NoneType' object has no attribute 'get'
2113996 - Search for non-integer job id will result in error page
2115229 - pull-provider rex jobs occassionally hanging
2115686 - [RFE] Provide a functionality in Satellite to import pre-existing Ansible playbooks into Job Templates
2115767 - Unable to apply all Errata via Remote Execution on Web UI with "Select All"
2115775 - hammer command not working for non-root user post upgrading satellite to version 6.11
2115822 - New host details UI does not work at all
2115832 - Running "satellite-maintain self-upgrade" on a Satellite\Capsule 6.11.1.1 fails with error "Error: 'satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms' does not match a valid repository ID"
2116123 - Even though the CreateRssNotifications job gets completed, It fails to fetch RSS with error '(NameError): uninitialized constant Foreman::HttpProxy::NetHttpExt' in Satellite 6.12
2116276 - Hammmer task progress command returns Error: undefined methodempty?' for nil:NilClass
2116385 - [RFE] Add deprecation warning/banner on Compute Resources page about deprecation of RHEV support
2116871 - Package "python3-pulp_manifest" is not available in Satellite Utils repository
2117382 - Only first certificate from a content credential is considered by katello when updating CDN configuration to use Network Sync
2117489 - not all dependencies are allowed by foreman-protector
2117522 - satellite-upgrade to 6.12 fails in packages-update step to resolve python dependencies
2118055 - When installing errata via katello-agent, content_action_finish_timeout is ignored and tasks don't wait for client status to finish
2118252 - dnf can't load foreman-protector.py as a regular user
2118356 - katello-pull-transport-migrate missing in RHEL9 Client repos
2118431 - Incremental export on repository exports not working correctly after syncably exporting repository
2118689 - Boding interface bondig slaves are always changed to lower case
2118694 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: ERROR: update or delete on table "katello_module_profiles" violates foreign key constraint "katello_mod_profile_rpm_mod_profile_id_fk" on table "katello_module_profile_rpms"
2118772 - Satellite upgrade to 6.12 fails during db:migrate with PG::UndefinedColumn: ERROR: column "created_at" of relation "taxable_taxonomies" does not exist
2118790 - Convert2rhel playbook tries to install RHEL8 convert2rhel package
2118950 - Unable to configure cloud connector on Satellite 6.12.0
2118966 - [Pulp3] When working with docker type repos, syslogs is flooded with warnings "The model
- Package List:
Red Hat Satellite 6.12 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-4.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm candlepin-4.1.15-1.el8sat.src.rpm cjson-1.7.14-5.el8sat.src.rpm createrepo_c-0.20.1-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.3.0.17-1.el8sat.src.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.3.0.8-1.el8sat.src.rpm foreman-proxy-3.3.0-1.el8sat.src.rpm foreman-selinux-3.3.0-2.el8sat.src.rpm katello-4.5.0-1.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm katello-selinux-4.0.2-2.el8sat.src.rpm libcomps-0.1.18-4.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-4.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm mosquitto-2.0.14-1.el8sat.src.rpm postgresql-evr-0.0.2-1.el8sat.src.rpm pulpcore-selinux-1.3.2-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-3.el8pc.src.rpm python-aiofiles-0.8.0-2.el8pc.src.rpm python-aiohttp-3.8.1-3.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm python-aioredis-2.0.1-2.el8pc.src.rpm python-aiosignal-1.2.0-2.el8pc.src.rpm python-ansible-builder-1.0.1-4.el8pc.src.rpm python-asgiref-3.5.0-2.el8pc.src.rpm python-async-lru-1.0.2-3.el8pc.src.rpm python-async-timeout-4.0.2-2.el8pc.src.rpm python-asyncio-throttle-1.0.2-3.el8pc.src.rpm python-attrs-21.4.0-2.el8pc.src.rpm python-backoff-1.11.1-2.el8pc.src.rpm python-bindep-2.10.2-4.el8pc.src.rpm python-bleach-3.3.1-2.el8pc.src.rpm python-bleach-allowlist-1.0.3-3.el8pc.src.rpm python-bracex-2.2.1-2.el8pc.src.rpm python-brotli-1.0.9-2.el8pc.src.rpm python-cchardet-2.1.7-4.el8pc.src.rpm python-certifi-2020.6.20-3.el8pc.src.rpm python-cffi-1.15.0-2.el8pc.src.rpm python-chardet-4.0.0-2.el8pc.src.rpm python-charset-normalizer-2.0.11-4.el8pc.src.rpm python-click-8.0.3-2.el8pc.src.rpm python-click-shell-2.1-3.el8pc.src.rpm python-colorama-0.4.4-3.el8pc.src.rpm python-commonmark-0.9.1-5.el8pc.src.rpm python-contextlib2-21.6.0-3.el8pc.src.rpm python-cryptography-3.4.8-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-3.el8pc.src.rpm python-dateutil-2.8.2-2.el8pc.src.rpm python-debian-0.1.43-2.el8pc.src.rpm python-defusedxml-0.7.1-3.el8pc.src.rpm python-diff-match-patch-20200713-3.el8pc.src.rpm python-distro-1.6.0-3.el8pc.src.rpm python-django-3.2.14-2.el8pc.src.rpm python-django-currentuser-0.5.3-5.el8pc.src.rpm python-django-filter-21.1-3.el8pc.src.rpm python-django-guardian-2.4.0-5.el8pc.src.rpm python-django-guid-3.2.2-1.el8pc.src.rpm python-django-import-export-2.7.1-6.el8pc.src.rpm python-django-lifecycle-0.9.6-3.el8pc.src.rpm python-django-prometheus-2.1.0-3.el8pc.src.rpm python-django-readonly-field-1.1.1-3.el8pc.src.rpm python-djangorestframework-3.13.1-2.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm python-drf-access-policy-1.1.0-3.el8pc.src.rpm python-drf-nested-routers-0.93.4-3.el8pc.src.rpm python-drf-spectacular-0.21.2-2.el8pc.src.rpm python-dynaconf-3.1.7-4.el8pc.src.rpm python-ecdsa-0.14.1-2.el8pc.src.rpm python-enrich-1.2.6-5.el8pc.src.rpm python-et-xmlfile-1.1.0-2.el8pc.src.rpm python-flake8-3.9.2-5.el8pc.src.rpm python-frozenlist-1.3.0-2.el8pc.src.rpm python-future-0.18.2-5.el8pc.src.rpm python-galaxy-importer-0.4.5-1.el8pc.src.rpm python-gitdb-4.0.9-2.el8pc.src.rpm python-gitpython-3.1.26-3.el8pc.src.rpm python-gnupg-0.4.8-2.el8pc.src.rpm python-gunicorn-20.1.0-5.el8pc.src.rpm python-idna-3.3-2.el8pc.src.rpm python-idna-ssl-1.1.0-5.el8pc.src.rpm python-importlib-metadata-4.10.1-2.el8pc.src.rpm python-importlib-resources-5.4.0-4.el8pc.src.rpm python-inflection-0.5.1-3.el8pc.src.rpm python-iniparse-0.4-35.el8pc.src.rpm python-jinja2-3.0.3-2.el8pc.src.rpm python-jsonschema-4.6.0-4.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-2.el8pc.src.rpm python-markdown-3.3.6-3.el8pc.src.rpm python-markuppy-1.14-3.el8pc.src.rpm python-markupsafe-2.0.1-3.el8pc.src.rpm python-mccabe-0.6.1-3.el8pc.src.rpm python-multidict-6.0.2-2.el8pc.src.rpm python-naya-1.1.1-3.el8pc.src.rpm python-odfpy-1.4.1-6.el8pc.src.rpm python-openpyxl-3.0.9-2.el8pc.src.rpm python-packaging-21.3-1.el8pc.src.rpm python-parsley-1.3-2.el8pc.src.rpm python-pbr-5.8.0-4.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-3.el8pc.src.rpm python-prometheus-client-0.8.0-3.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.3-2.el8pc.src.rpm python-pulp-ansible-0.13.2-2.el8pc.src.rpm python-pulp-certguard-1.5.2-3.el8pc.src.rpm python-pulp-cli-0.14.0-4.el8pc.src.rpm python-pulp-container-2.10.9-1.el8pc.src.rpm python-pulp-deb-2.18.0-3.el8pc.src.rpm python-pulp-file-1.10.2-2.el8pc.src.rpm python-pulp-rpm-3.18.7-1.el8pc.src.rpm python-pulp_manifest-3.0.0-3.el8pc.src.rpm python-pulpcore-3.18.10-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-3.el8pc.src.rpm python-pycairo-1.20.1-3.el8pc.src.rpm python-pycares-4.1.2-2.el8pc.src.rpm python-pycodestyle-2.7.0-5.el8pc.src.rpm python-pycparser-2.21-2.el8pc.src.rpm python-pycryptodomex-3.14.1-2.el8pc.src.rpm python-pyflakes-2.3.1-5.el8pc.src.rpm python-pygments-2.11.2-2.el8pc.src.rpm python-pygobject-3.40.1-3.el8pc.src.rpm python-pygtrie-2.4.2-3.el8pc.src.rpm python-pyjwkest-1.4.2-6.el8pc.src.rpm python-pyjwt-1.7.1-8.el8pc.src.rpm python-pyparsing-2.4.7-3.el8pc.src.rpm python-pyrsistent-0.18.1-2.el8pc.src.rpm python-pytz-2021.3-2.el8pc.src.rpm python-pyyaml-5.4.1-4.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-3.el8pc.src.rpm python-requests-2.27.1-2.el8pc.src.rpm python-requirements-parser-0.2.0-3.el8pc.src.rpm python-rhsm-1.19.2-3.el8pc.src.rpm python-rich-10.12.0-3.el8pc.src.rpm python-ruamel-yaml-0.17.20-2.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm python-schema-0.7.5-2.el8pc.src.rpm python-semantic-version-2.10.0-1.el8pc.src.rpm python-six-1.16.0-2.el8pc.src.rpm python-smmap-5.0.0-2.el8pc.src.rpm python-sqlparse-0.4.2-3.el8pc.src.rpm python-tablib-3.2.0-3.el8pc.src.rpm python-tenacity-7.0.0-3.el8pc.src.rpm python-toml-0.10.2-3.el8pc.src.rpm python-typing-extensions-3.10.0.2-2.el8pc.src.rpm python-uritemplate-4.1.1-2.el8pc.src.rpm python-url-normalize-1.4.3-4.el8pc.src.rpm python-urllib3-1.26.8-2.el8pc.src.rpm python-urlman-1.4.0-3.el8pc.src.rpm python-wcmatch-8.3-2.el8pc.src.rpm python-webencodings-0.5.1-3.el8pc.src.rpm python-whitenoise-6.0.0-1.el8pc.src.rpm python-xlrd-2.0.1-5.el8pc.src.rpm python-xlwt-1.3.0-3.el8pc.src.rpm python-yarl-1.7.2-2.el8pc.src.rpm python-zipp-3.4.0-4.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-actioncable-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm rubygem-actionpack-6.0.4.7-1.el8sat.src.rpm rubygem-actiontext-6.0.4.7-1.el8sat.src.rpm rubygem-actionview-6.0.4.7-1.el8sat.src.rpm rubygem-activejob-6.0.4.7-1.el8sat.src.rpm rubygem-activemodel-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-import-1.1.0-1.el8sat.src.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm rubygem-activestorage-6.0.4.7-1.el8sat.src.rpm rubygem-activesupport-6.0.4.7-1.el8sat.src.rpm rubygem-acts_as_list-1.0.3-2.el8sat.src.rpm rubygem-addressable-2.8.0-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-ancestry-3.0.7-2.el8sat.src.rpm rubygem-anemone-0.7.2-23.el8sat.src.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-apipie-rails-0.5.17-4.el8sat.src.rpm rubygem-audited-4.9.0-4.el8sat.src.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm rubygem-builder-3.2.4-2.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-coffee-rails-5.0.0-2.el8sat.src.rpm rubygem-coffee-script-2.4.1-5.el8sat.src.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm rubygem-colorize-0.8.1-2.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-connection_pool-2.2.2-3.el8sat.src.rpm rubygem-crass-1.0.6-2.el8sat.src.rpm rubygem-css_parser-1.4.7-5.el8sat.src.rpm rubygem-daemons-1.2.3-7.1.el8sat.src.rpm rubygem-deacon-1.0.0-5.el8sat.src.rpm rubygem-declarative-0.0.10-3.el8sat.src.rpm rubygem-declarative-option-0.1.0-3.el8sat.src.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm rubygem-deface-1.5.3-3.el8sat.src.rpm rubygem-diffy-3.0.1-6.1.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-erubi-1.9.0-2.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-execjs-2.7.0-5.el8sat.src.rpm rubygem-facter-4.0.51-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-fog-aws-3.6.5-2.el8sat.src.rpm rubygem-fog-core-2.1.0-4.el8sat.src.rpm rubygem-fog-google-1.11.0-2.el8sat.src.rpm rubygem-fog-json-1.2.0-4.el8sat.src.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm rubygem-fog-openstack-1.0.8-4.el8sat.src.rpm rubygem-fog-ovirt-2.0.2-1.el8sat.src.rpm rubygem-fog-vsphere-3.5.2-1.el8sat.src.rpm rubygem-fog-xml-0.1.2-9.el8sat.src.rpm rubygem-foreman-tasks-6.0.3-1.el8sat.src.rpm rubygem-foreman_ansible-7.1.4.1-1.el8sat.src.rpm rubygem-foreman_azure_rm-2.2.6-3.1.el8sat.src.rpm rubygem-foreman_bootdisk-19.0.7-1.el8sat.src.rpm rubygem-foreman_discovery-21.0.4-1.el8sat.src.rpm rubygem-foreman_hooks-0.3.17-3.el8sat.src.rpm rubygem-foreman_kubevirt-0.1.9-4.el8sat.src.rpm rubygem-foreman_leapp-0.1.10-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-foreman_openscap-5.2.2-2.el8sat.src.rpm rubygem-foreman_puppet-4.0.3-1.el8sat.src.rpm rubygem-foreman_remote_execution-7.2.2-1.el8sat.src.rpm rubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm rubygem-foreman_templates-9.3.0-1.1.el8sat.src.rpm rubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.src.rpm rubygem-foreman_virt_who_configure-0.5.9-1.el8sat.src.rpm rubygem-foreman_webhooks-3.0.4-1.el8sat.src.rpm rubygem-formatador-0.2.1-13.el8sat.src.rpm rubygem-friendly_id-5.3.0-2.el8sat.src.rpm rubygem-fx-0.5.0-2.el8sat.src.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm rubygem-git-1.11.0-1.el8sat.src.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm rubygem-globalid-0.4.2-2.el8sat.src.rpm rubygem-google-api-client-0.33.2-2.el8sat.src.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm rubygem-googleauth-0.13.1-2.el8sat.src.rpm rubygem-graphql-1.8.14-3.el8sat.src.rpm rubygem-graphql-batch-0.3.10-3.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.3.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-hocon-1.3.1-2.el8sat.src.rpm rubygem-http-3.3.0-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-http-form_data-2.1.1-2.el8sat.src.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm rubygem-httpclient-2.8.3-4.el8sat.src.rpm rubygem-i18n-1.8.2-2.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-ipaddress-0.8.3-1.el8sat.src.rpm rubygem-jgrep-1.3.3-11.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-katello-4.5.0.20-1.el8sat.src.rpm rubygem-kubeclient-4.3.0-2.el8sat.src.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-loofah-2.4.0-2.el8sat.src.rpm rubygem-mail-2.7.1-2.el8sat.src.rpm rubygem-marcel-1.0.1-1.el8sat.src.rpm rubygem-memoist-0.16.0-3.el8sat.src.rpm rubygem-method_source-0.9.2-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_mime-1.0.2-2.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-ms_rest-0.7.6-1.el8sat.src.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ldap-0.17.0-2.el8sat.src.rpm rubygem-net-ping-2.0.1-5.el8sat.src.rpm rubygem-net-scp-1.2.1-5.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-net_http_unix-0.2.2-2.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nio4r-2.5.4-2.1.el8sat.src.rpm rubygem-nokogiri-1.13.8-1.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-optimist-3.0.0-3.el8sat.src.rpm rubygem-os-1.0.0-3.el8sat.src.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm rubygem-parallel-1.19.1-2.el8sat.src.rpm rubygem-parse-cron-0.1.4-5.el8sat.src.rpm rubygem-polyglot-0.3.5-3.1.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-prometheus-client-1.0.0-3.el8sat.src.rpm rubygem-promise.rb-0.7.4-3.el8sat.src.rpm rubygem-public_suffix-3.0.3-3.el8sat.src.rpm rubygem-pulp_ansible_client-0.13.1-1.el8sat.src.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm rubygem-pulp_container_client-2.10.3-1.el8sat.src.rpm rubygem-pulp_deb_client-2.18.0-1.el8sat.src.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm rubygem-pulp_python_client-3.6.0-1.el8sat.src.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm rubygem-pulpcore_client-3.18.5-1.el8sat.src.rpm rubygem-puma-5.6.2-1.el8sat.src.rpm rubygem-puma-status-1.3-1.el8sat.src.rpm rubygem-qpid_proton-0.33.0-5.el8sat.src.rpm rubygem-quantile-0.2.0-5.el8sat.src.rpm rubygem-rabl-0.14.3-2.el8sat.src.rpm rubygem-rack-2.2.4-1.el8sat.src.rpm rubygem-rack-cors-1.0.2-3.el8sat.src.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm rubygem-rack-protection-2.2.0-1.el8sat.src.rpm rubygem-rack-test-1.1.0-5.el8sat.src.rpm rubygem-rails-6.0.4.7-1.el8sat.src.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm rubygem-rails-html-sanitizer-1.4.3-2.el8sat.src.rpm rubygem-rails-i18n-6.0.0-3.el8sat.src.rpm rubygem-railties-6.0.4.7-1.el8sat.src.rpm rubygem-rainbow-2.2.2-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-rbvmomi-2.2.0-4.el8sat.src.rpm rubygem-rchardet-1.8.0-1.el8sat.src.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-redis-4.5.1-1.el8sat.src.rpm rubygem-representable-3.0.4-3.el8sat.src.rpm rubygem-responders-3.0.0-4.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-retriable-3.1.2-3.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-roadie-3.4.0-4.el8sat.src.rpm rubygem-roadie-rails-2.1.1-3.el8sat.src.rpm rubygem-robotex-1.0.0-22.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm rubygem-ruby_parser-3.10.1-4.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-runcible-2.13.1-2.el8sat.src.rpm rubygem-safemode-1.3.6-2.el8sat.src.rpm rubygem-scoped_search-4.1.10-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-secure_headers-6.3.0-3.el8sat.src.rpm rubygem-sequel-5.53.0-1.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sexp_processor-4.10.0-7.el8sat.src.rpm rubygem-sidekiq-5.2.10-1.el8sat.src.rpm rubygem-signet-0.14.0-2.el8sat.src.rpm rubygem-sinatra-2.2.0-1.el8sat.src.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sprockets-4.0.2-2.el8sat.src.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm rubygem-sqlite3-1.4.2-1.el8sat.src.rpm rubygem-sshkey-1.9.0-5.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-stomp-1.4.9-2.el8sat.src.rpm rubygem-thor-1.0.1-3.el8sat.src.rpm rubygem-thread_safe-0.3.6-6.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-timeliness-0.3.10-2.el8sat.src.rpm rubygem-tzinfo-1.2.6-2.el8sat.src.rpm rubygem-uber-0.1.0-3.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm rubygem-will_paginate-3.1.7-4.el8sat.src.rpm rubygem-zeitwerk-2.2.2-2.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm satellite-installer-6.12.0.5-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-4.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm candlepin-4.1.15-1.el8sat.noarch.rpm candlepin-selinux-4.1.15-1.el8sat.noarch.rpm foreman-3.3.0.17-1.el8sat.noarch.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm foreman-cli-3.3.0.17-1.el8sat.noarch.rpm foreman-debug-3.3.0.17-1.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-dynflow-sidekiq-3.3.0.17-1.el8sat.noarch.rpm foreman-ec2-3.3.0.17-1.el8sat.noarch.rpm foreman-gce-3.3.0.17-1.el8sat.noarch.rpm foreman-installer-3.3.0.8-1.el8sat.noarch.rpm foreman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm foreman-journald-3.3.0.17-1.el8sat.noarch.rpm foreman-libvirt-3.3.0.17-1.el8sat.noarch.rpm foreman-openstack-3.3.0.17-1.el8sat.noarch.rpm foreman-ovirt-3.3.0.17-1.el8sat.noarch.rpm foreman-postgresql-3.3.0.17-1.el8sat.noarch.rpm foreman-proxy-3.3.0-1.el8sat.noarch.rpm foreman-proxy-journald-3.3.0-1.el8sat.noarch.rpm foreman-selinux-3.3.0-2.el8sat.noarch.rpm foreman-service-3.3.0.17-1.el8sat.noarch.rpm foreman-telemetry-3.3.0.17-1.el8sat.noarch.rpm foreman-vmware-3.3.0.17-1.el8sat.noarch.rpm katello-4.5.0-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.5.0-1.el8sat.noarch.rpm katello-debug-4.5.0-1.el8sat.noarch.rpm katello-selinux-4.0.2-2.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python39-aiodns-3.0.0-3.el8pc.noarch.rpm python39-aiofiles-0.8.0-2.el8pc.noarch.rpm python39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm python39-aioredis-2.0.1-2.el8pc.noarch.rpm python39-aiosignal-1.2.0-2.el8pc.noarch.rpm python39-ansible-builder-1.0.1-4.el8pc.noarch.rpm python39-asgiref-3.5.0-2.el8pc.noarch.rpm python39-async-lru-1.0.2-3.el8pc.noarch.rpm python39-async-timeout-4.0.2-2.el8pc.noarch.rpm python39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm python39-attrs-21.4.0-2.el8pc.noarch.rpm python39-backoff-1.11.1-2.el8pc.noarch.rpm python39-bindep-2.10.2-4.el8pc.noarch.rpm python39-bleach-3.3.1-2.el8pc.noarch.rpm python39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm python39-bracex-2.2.1-2.el8pc.noarch.rpm python39-certifi-2020.6.20-3.el8pc.noarch.rpm python39-chardet-4.0.0-2.el8pc.noarch.rpm python39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm python39-click-8.0.3-2.el8pc.noarch.rpm python39-click-shell-2.1-3.el8pc.noarch.rpm python39-colorama-0.4.4-3.el8pc.noarch.rpm python39-commonmark-0.9.1-5.el8pc.noarch.rpm python39-contextlib2-21.6.0-3.el8pc.noarch.rpm python39-dataclasses-0.8-3.el8pc.noarch.rpm python39-dateutil-2.8.2-2.el8pc.noarch.rpm python39-debian-0.1.43-2.el8pc.noarch.rpm python39-defusedxml-0.7.1-3.el8pc.noarch.rpm python39-diff-match-patch-20200713-3.el8pc.noarch.rpm python39-distro-1.6.0-3.el8pc.noarch.rpm python39-django-3.2.14-2.el8pc.noarch.rpm python39-django-currentuser-0.5.3-5.el8pc.noarch.rpm python39-django-filter-21.1-3.el8pc.noarch.rpm python39-django-guardian-2.4.0-5.el8pc.noarch.rpm python39-django-guid-3.2.2-1.el8pc.noarch.rpm python39-django-import-export-2.7.1-6.el8pc.noarch.rpm python39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm python39-django-prometheus-2.1.0-3.el8pc.noarch.rpm python39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm python39-djangorestframework-3.13.1-2.el8pc.noarch.rpm python39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm python39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm python39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm python39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm python39-dynaconf-3.1.7-4.el8pc.noarch.rpm python39-ecdsa-0.14.1-2.el8pc.noarch.rpm python39-enrich-1.2.6-5.el8pc.noarch.rpm python39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm python39-flake8-3.9.2-5.el8pc.noarch.rpm python39-future-0.18.2-5.el8pc.noarch.rpm python39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm python39-gitdb-4.0.9-2.el8pc.noarch.rpm python39-gitpython-3.1.26-3.el8pc.noarch.rpm python39-gnupg-0.4.8-2.el8pc.noarch.rpm python39-gunicorn-20.1.0-5.el8pc.noarch.rpm python39-idna-3.3-2.el8pc.noarch.rpm python39-idna-ssl-1.1.0-5.el8pc.noarch.rpm python39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm python39-importlib-resources-5.4.0-4.el8pc.noarch.rpm python39-inflection-0.5.1-3.el8pc.noarch.rpm python39-iniparse-0.4-35.el8pc.noarch.rpm python39-jinja2-3.0.3-2.el8pc.noarch.rpm python39-jsonschema-4.6.0-4.el8pc.noarch.rpm python39-markdown-3.3.6-3.el8pc.noarch.rpm python39-markuppy-1.14-3.el8pc.noarch.rpm python39-mccabe-0.6.1-3.el8pc.noarch.rpm python39-naya-1.1.1-3.el8pc.noarch.rpm python39-odfpy-1.4.1-6.el8pc.noarch.rpm python39-openpyxl-3.0.9-2.el8pc.noarch.rpm python39-packaging-21.3-1.el8pc.noarch.rpm python39-parsley-1.3-2.el8pc.noarch.rpm python39-pbr-5.8.0-4.el8pc.noarch.rpm python39-productmd-1.33-3.el8pc.noarch.rpm python39-prometheus-client-0.8.0-3.el8pc.noarch.rpm python39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm python39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm python39-pulp-cli-0.14.0-4.el8pc.noarch.rpm python39-pulp-container-2.10.9-1.el8pc.noarch.rpm python39-pulp-deb-2.18.0-3.el8pc.noarch.rpm python39-pulp-file-1.10.2-2.el8pc.noarch.rpm python39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm python39-pulpcore-3.18.10-1.el8pc.noarch.rpm python39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm python39-pycodestyle-2.7.0-5.el8pc.noarch.rpm python39-pycparser-2.21-2.el8pc.noarch.rpm python39-pyflakes-2.3.1-5.el8pc.noarch.rpm python39-pygments-2.11.2-2.el8pc.noarch.rpm python39-pygtrie-2.4.2-3.el8pc.noarch.rpm python39-pyjwkest-1.4.2-6.el8pc.noarch.rpm python39-pyjwt-1.7.1-8.el8pc.noarch.rpm python39-pyparsing-2.4.7-3.el8pc.noarch.rpm python39-pytz-2021.3-2.el8pc.noarch.rpm python39-redis-3.5.3-3.el8pc.noarch.rpm python39-requests-2.27.1-2.el8pc.noarch.rpm python39-requirements-parser-0.2.0-3.el8pc.noarch.rpm python39-rich-10.12.0-3.el8pc.noarch.rpm python39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm python39-schema-0.7.5-2.el8pc.noarch.rpm python39-semantic-version-2.10.0-1.el8pc.noarch.rpm python39-six-1.16.0-2.el8pc.noarch.rpm python39-smmap-5.0.0-2.el8pc.noarch.rpm python39-sqlparse-0.4.2-3.el8pc.noarch.rpm python39-tablib-3.2.0-3.el8pc.noarch.rpm python39-tenacity-7.0.0-3.el8pc.noarch.rpm python39-toml-0.10.2-3.el8pc.noarch.rpm python39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm python39-uritemplate-4.1.1-2.el8pc.noarch.rpm python39-url-normalize-1.4.3-4.el8pc.noarch.rpm python39-urllib3-1.26.8-2.el8pc.noarch.rpm python39-urlman-1.4.0-3.el8pc.noarch.rpm python39-wcmatch-8.3-2.el8pc.noarch.rpm python39-webencodings-0.5.1-3.el8pc.noarch.rpm python39-whitenoise-6.0.0-1.el8pc.noarch.rpm python39-xlrd-2.0.1-5.el8pc.noarch.rpm python39-xlwt-1.3.0-3.el8pc.noarch.rpm python39-zipp-3.4.0-4.el8pc.noarch.rpm qpid-dispatch-tools-1.14.0-6.el8.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm rubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm rubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm rubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm rubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm rubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm rubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm rubygem-addressable-2.8.0-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-ancestry-3.0.7-2.el8sat.noarch.rpm rubygem-anemone-0.7.2-23.el8sat.noarch.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm rubygem-audited-4.9.0-4.el8sat.noarch.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm rubygem-builder-3.2.4-2.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm rubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm rubygem-colorize-0.8.1-2.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm rubygem-crass-1.0.6-2.el8sat.noarch.rpm rubygem-css_parser-1.4.7-5.el8sat.noarch.rpm rubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm rubygem-deacon-1.0.0-5.el8sat.noarch.rpm rubygem-declarative-0.0.10-3.el8sat.noarch.rpm rubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm rubygem-deface-1.5.3-3.el8sat.noarch.rpm rubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-erubi-1.9.0-2.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-execjs-2.7.0-5.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm rubygem-fog-core-2.1.0-4.el8sat.noarch.rpm rubygem-fog-google-1.11.0-2.el8sat.noarch.rpm rubygem-fog-json-1.2.0-4.el8sat.noarch.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm rubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm rubygem-fog-ovirt-2.0.2-1.el8sat.noarch.rpm rubygem-fog-vsphere-3.5.2-1.el8sat.noarch.rpm rubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm rubygem-foreman-tasks-6.0.3-1.el8sat.noarch.rpm rubygem-foreman_ansible-7.1.4.1-1.el8sat.noarch.rpm rubygem-foreman_azure_rm-2.2.6-3.1.el8sat.noarch.rpm rubygem-foreman_bootdisk-19.0.7-1.el8sat.noarch.rpm rubygem-foreman_discovery-21.0.4-1.el8sat.noarch.rpm rubygem-foreman_hooks-0.3.17-3.el8sat.noarch.rpm rubygem-foreman_kubevirt-0.1.9-4.el8sat.noarch.rpm rubygem-foreman_leapp-0.1.10-2.1.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-foreman_openscap-5.2.2-2.el8sat.noarch.rpm rubygem-foreman_puppet-4.0.3-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-7.2.2-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-cockpit-7.2.2-1.el8sat.noarch.rpm rubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm rubygem-foreman_templates-9.3.0-1.1.el8sat.noarch.rpm rubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.noarch.rpm rubygem-foreman_virt_who_configure-0.5.9-1.el8sat.noarch.rpm rubygem-foreman_webhooks-3.0.4-1.el8sat.noarch.rpm rubygem-formatador-0.2.1-13.el8sat.noarch.rpm rubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm rubygem-fx-0.5.0-2.el8sat.noarch.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm rubygem-git-1.11.0-1.el8sat.noarch.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm rubygem-globalid-0.4.2-2.el8sat.noarch.rpm rubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm rubygem-googleauth-0.13.1-2.el8sat.noarch.rpm rubygem-graphql-1.8.14-3.el8sat.noarch.rpm rubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-hocon-1.3.1-2.el8sat.noarch.rpm rubygem-http-3.3.0-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm rubygem-httpclient-2.8.3-4.el8sat.noarch.rpm rubygem-i18n-1.8.2-2.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-ipaddress-0.8.3-1.el8sat.noarch.rpm rubygem-jgrep-1.3.3-11.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-katello-4.5.0.20-1.el8sat.noarch.rpm rubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-loofah-2.4.0-2.el8sat.noarch.rpm rubygem-mail-2.7.1-2.el8sat.noarch.rpm rubygem-marcel-1.0.1-1.el8sat.noarch.rpm rubygem-memoist-0.16.0-3.el8sat.noarch.rpm rubygem-method_source-0.9.2-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm rubygem-net-ping-2.0.1-5.el8sat.noarch.rpm rubygem-net-scp-1.2.1-5.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-optimist-3.0.0-3.el8sat.noarch.rpm rubygem-os-1.0.0-3.el8sat.noarch.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm rubygem-parallel-1.19.1-2.el8sat.noarch.rpm rubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm rubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm rubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm rubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm rubygem-pulp_ansible_client-0.13.1-1.el8sat.noarch.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm rubygem-pulp_container_client-2.10.3-1.el8sat.noarch.rpm rubygem-pulp_deb_client-2.18.0-1.el8sat.noarch.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm rubygem-pulp_python_client-3.6.0-1.el8sat.noarch.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm rubygem-pulpcore_client-3.18.5-1.el8sat.noarch.rpm rubygem-puma-status-1.3-1.el8sat.noarch.rpm rubygem-quantile-0.2.0-5.el8sat.noarch.rpm rubygem-rabl-0.14.3-2.el8sat.noarch.rpm rubygem-rack-2.2.4-1.el8sat.noarch.rpm rubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm rubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm rubygem-rack-test-1.1.0-5.el8sat.noarch.rpm rubygem-rails-6.0.4.7-1.el8sat.noarch.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm rubygem-rails-html-sanitizer-1.4.3-2.el8sat.noarch.rpm rubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm rubygem-railties-6.0.4.7-1.el8sat.noarch.rpm rubygem-rainbow-2.2.2-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm rubygem-rchardet-1.8.0-1.el8sat.noarch.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-redis-4.5.1-1.el8sat.noarch.rpm rubygem-representable-3.0.4-3.el8sat.noarch.rpm rubygem-responders-3.0.0-4.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-retriable-3.1.2-3.el8sat.noarch.rpm rubygem-roadie-3.4.0-4.el8sat.noarch.rpm rubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm rubygem-robotex-1.0.0-22.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm rubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-runcible-2.13.1-2.el8sat.noarch.rpm rubygem-safemode-1.3.6-2.el8sat.noarch.rpm rubygem-scoped_search-4.1.10-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm rubygem-sequel-5.53.0-1.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm rubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm rubygem-signet-0.14.0-2.el8sat.noarch.rpm rubygem-sinatra-2.2.0-1.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-sprockets-4.0.2-2.el8sat.noarch.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm rubygem-sshkey-1.9.0-5.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-stomp-1.4.9-2.el8sat.noarch.rpm rubygem-thor-1.0.1-3.el8sat.noarch.rpm rubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-timeliness-0.3.10-2.el8sat.noarch.rpm rubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm rubygem-uber-0.1.0-3.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm rubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm rubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm satellite-6.12.0-4.el8sat.noarch.rpm satellite-cli-6.12.0-4.el8sat.noarch.rpm satellite-common-6.12.0-4.el8sat.noarch.rpm satellite-installer-6.12.0.5-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: cjson-1.7.14-5.el8sat.x86_64.rpm cjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm cjson-debugsource-1.7.14-5.el8sat.x86_64.rpm createrepo_c-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-4.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-4.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm mosquitto-2.0.14-1.el8sat.x86_64.rpm mosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm mosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm postgresql-evr-0.0.2-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm python-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm python-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-4.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-4.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-aiohttp-3.8.1-3.el8pc.x86_64.rpm python39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm python39-brotli-1.0.9-2.el8pc.x86_64.rpm python39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm python39-cchardet-2.1.7-4.el8pc.x86_64.rpm python39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm python39-cffi-1.15.0-2.el8pc.x86_64.rpm python39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm python39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python39-cryptography-3.4.8-1.el8pc.x86_64.rpm python39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm python39-frozenlist-1.3.0-2.el8pc.x86_64.rpm python39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm python39-libcomps-0.1.18-4.el8pc.x86_64.rpm python39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python39-lxml-4.7.1-2.el8pc.x86_64.rpm python39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm python39-markupsafe-2.0.1-3.el8pc.x86_64.rpm python39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm python39-multidict-6.0.2-2.el8pc.x86_64.rpm python39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm python39-psycopg2-2.9.3-2.el8pc.x86_64.rpm python39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm python39-pycairo-1.20.1-3.el8pc.x86_64.rpm python39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm python39-pycares-4.1.2-2.el8pc.x86_64.rpm python39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm python39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm python39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm python39-pygobject-3.40.1-3.el8pc.x86_64.rpm python39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm python39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm python39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm python39-pyyaml-5.4.1-4.el8pc.x86_64.rpm python39-rhsm-1.19.2-3.el8pc.x86_64.rpm python39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm python39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm python39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm python39-solv-0.7.22-4.el8pc.x86_64.rpm python39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-yarl-1.7.2-2.el8pc.x86_64.rpm python39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm rubygem-facter-4.0.51-2.el8sat.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm rubygem-puma-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm rubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-4.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm cjson-1.7.14-5.el8sat.src.rpm createrepo_c-0.20.1-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.3.0.17-1.el8sat.src.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.3.0.8-1.el8sat.src.rpm foreman-proxy-3.3.0-1.el8sat.src.rpm katello-4.5.0-1.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm libcomps-0.1.18-4.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-4.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm mosquitto-2.0.14-1.el8sat.src.rpm pulpcore-selinux-1.3.2-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-3.el8pc.src.rpm python-aiofiles-0.8.0-2.el8pc.src.rpm python-aiohttp-3.8.1-3.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm python-aioredis-2.0.1-2.el8pc.src.rpm python-aiosignal-1.2.0-2.el8pc.src.rpm python-ansible-builder-1.0.1-4.el8pc.src.rpm python-asgiref-3.5.0-2.el8pc.src.rpm python-async-lru-1.0.2-3.el8pc.src.rpm python-async-timeout-4.0.2-2.el8pc.src.rpm python-asyncio-throttle-1.0.2-3.el8pc.src.rpm python-attrs-21.4.0-2.el8pc.src.rpm python-backoff-1.11.1-2.el8pc.src.rpm python-bindep-2.10.2-4.el8pc.src.rpm python-bleach-3.3.1-2.el8pc.src.rpm python-bleach-allowlist-1.0.3-3.el8pc.src.rpm python-bracex-2.2.1-2.el8pc.src.rpm python-brotli-1.0.9-2.el8pc.src.rpm python-cchardet-2.1.7-4.el8pc.src.rpm python-certifi-2020.6.20-3.el8pc.src.rpm python-cffi-1.15.0-2.el8pc.src.rpm python-chardet-4.0.0-2.el8pc.src.rpm python-charset-normalizer-2.0.11-4.el8pc.src.rpm python-click-8.0.3-2.el8pc.src.rpm python-click-shell-2.1-3.el8pc.src.rpm python-colorama-0.4.4-3.el8pc.src.rpm python-commonmark-0.9.1-5.el8pc.src.rpm python-contextlib2-21.6.0-3.el8pc.src.rpm python-cryptography-3.4.8-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-3.el8pc.src.rpm python-dateutil-2.8.2-2.el8pc.src.rpm python-debian-0.1.43-2.el8pc.src.rpm python-defusedxml-0.7.1-3.el8pc.src.rpm python-diff-match-patch-20200713-3.el8pc.src.rpm python-distro-1.6.0-3.el8pc.src.rpm python-django-3.2.14-2.el8pc.src.rpm python-django-currentuser-0.5.3-5.el8pc.src.rpm python-django-filter-21.1-3.el8pc.src.rpm python-django-guardian-2.4.0-5.el8pc.src.rpm python-django-guid-3.2.2-1.el8pc.src.rpm python-django-import-export-2.7.1-6.el8pc.src.rpm python-django-lifecycle-0.9.6-3.el8pc.src.rpm python-django-prometheus-2.1.0-3.el8pc.src.rpm python-django-readonly-field-1.1.1-3.el8pc.src.rpm python-djangorestframework-3.13.1-2.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm python-drf-access-policy-1.1.0-3.el8pc.src.rpm python-drf-nested-routers-0.93.4-3.el8pc.src.rpm python-drf-spectacular-0.21.2-2.el8pc.src.rpm python-dynaconf-3.1.7-4.el8pc.src.rpm python-ecdsa-0.14.1-2.el8pc.src.rpm python-enrich-1.2.6-5.el8pc.src.rpm python-et-xmlfile-1.1.0-2.el8pc.src.rpm python-flake8-3.9.2-5.el8pc.src.rpm python-frozenlist-1.3.0-2.el8pc.src.rpm python-future-0.18.2-5.el8pc.src.rpm python-galaxy-importer-0.4.5-1.el8pc.src.rpm python-gitdb-4.0.9-2.el8pc.src.rpm python-gitpython-3.1.26-3.el8pc.src.rpm python-gnupg-0.4.8-2.el8pc.src.rpm python-gunicorn-20.1.0-5.el8pc.src.rpm python-idna-3.3-2.el8pc.src.rpm python-idna-ssl-1.1.0-5.el8pc.src.rpm python-importlib-metadata-4.10.1-2.el8pc.src.rpm python-importlib-resources-5.4.0-4.el8pc.src.rpm python-inflection-0.5.1-3.el8pc.src.rpm python-iniparse-0.4-35.el8pc.src.rpm python-jinja2-3.0.3-2.el8pc.src.rpm python-jsonschema-4.6.0-4.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-2.el8pc.src.rpm python-markdown-3.3.6-3.el8pc.src.rpm python-markuppy-1.14-3.el8pc.src.rpm python-markupsafe-2.0.1-3.el8pc.src.rpm python-mccabe-0.6.1-3.el8pc.src.rpm python-multidict-6.0.2-2.el8pc.src.rpm python-naya-1.1.1-3.el8pc.src.rpm python-odfpy-1.4.1-6.el8pc.src.rpm python-openpyxl-3.0.9-2.el8pc.src.rpm python-packaging-21.3-1.el8pc.src.rpm python-parsley-1.3-2.el8pc.src.rpm python-pbr-5.8.0-4.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-3.el8pc.src.rpm python-prometheus-client-0.8.0-3.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.3-2.el8pc.src.rpm python-pulp-ansible-0.13.2-2.el8pc.src.rpm python-pulp-certguard-1.5.2-3.el8pc.src.rpm python-pulp-cli-0.14.0-4.el8pc.src.rpm python-pulp-container-2.10.9-1.el8pc.src.rpm python-pulp-deb-2.18.0-3.el8pc.src.rpm python-pulp-file-1.10.2-2.el8pc.src.rpm python-pulp-rpm-3.18.7-1.el8pc.src.rpm python-pulpcore-3.18.10-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-3.el8pc.src.rpm python-pycairo-1.20.1-3.el8pc.src.rpm python-pycares-4.1.2-2.el8pc.src.rpm python-pycodestyle-2.7.0-5.el8pc.src.rpm python-pycparser-2.21-2.el8pc.src.rpm python-pycryptodomex-3.14.1-2.el8pc.src.rpm python-pyflakes-2.3.1-5.el8pc.src.rpm python-pygments-2.11.2-2.el8pc.src.rpm python-pygobject-3.40.1-3.el8pc.src.rpm python-pygtrie-2.4.2-3.el8pc.src.rpm python-pyjwkest-1.4.2-6.el8pc.src.rpm python-pyjwt-1.7.1-8.el8pc.src.rpm python-pyparsing-2.4.7-3.el8pc.src.rpm python-pyrsistent-0.18.1-2.el8pc.src.rpm python-pytz-2021.3-2.el8pc.src.rpm python-pyyaml-5.4.1-4.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-3.el8pc.src.rpm python-requests-2.27.1-2.el8pc.src.rpm python-requirements-parser-0.2.0-3.el8pc.src.rpm python-rhsm-1.19.2-3.el8pc.src.rpm python-rich-10.12.0-3.el8pc.src.rpm python-ruamel-yaml-0.17.20-2.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm python-schema-0.7.5-2.el8pc.src.rpm python-semantic-version-2.10.0-1.el8pc.src.rpm python-six-1.16.0-2.el8pc.src.rpm python-smmap-5.0.0-2.el8pc.src.rpm python-sqlparse-0.4.2-3.el8pc.src.rpm python-tablib-3.2.0-3.el8pc.src.rpm python-tenacity-7.0.0-3.el8pc.src.rpm python-toml-0.10.2-3.el8pc.src.rpm python-typing-extensions-3.10.0.2-2.el8pc.src.rpm python-uritemplate-4.1.1-2.el8pc.src.rpm python-url-normalize-1.4.3-4.el8pc.src.rpm python-urllib3-1.26.8-2.el8pc.src.rpm python-urlman-1.4.0-3.el8pc.src.rpm python-wcmatch-8.3-2.el8pc.src.rpm python-webencodings-0.5.1-3.el8pc.src.rpm python-whitenoise-6.0.0-1.el8pc.src.rpm python-xlrd-2.0.1-5.el8pc.src.rpm python-xlwt-1.3.0-3.el8pc.src.rpm python-yarl-1.7.2-2.el8pc.src.rpm python-zipp-3.4.0-4.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nokogiri-1.13.8-1.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rack-2.2.4-1.el8sat.src.rpm rubygem-rack-protection-2.2.0-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-sequel-5.53.0-1.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sinatra-2.2.0-1.el8sat.src.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sqlite3-1.4.2-1.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm satellite-installer-6.12.0.5-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-4.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm foreman-debug-3.3.0.17-1.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-installer-3.3.0.8-1.el8sat.noarch.rpm foreman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm foreman-proxy-3.3.0-1.el8sat.noarch.rpm foreman-proxy-content-4.5.0-1.el8sat.noarch.rpm foreman-proxy-journald-3.3.0-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.5.0-1.el8sat.noarch.rpm katello-debug-4.5.0-1.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python39-aiodns-3.0.0-3.el8pc.noarch.rpm python39-aiofiles-0.8.0-2.el8pc.noarch.rpm python39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm python39-aioredis-2.0.1-2.el8pc.noarch.rpm python39-aiosignal-1.2.0-2.el8pc.noarch.rpm python39-ansible-builder-1.0.1-4.el8pc.noarch.rpm python39-asgiref-3.5.0-2.el8pc.noarch.rpm python39-async-lru-1.0.2-3.el8pc.noarch.rpm python39-async-timeout-4.0.2-2.el8pc.noarch.rpm python39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm python39-attrs-21.4.0-2.el8pc.noarch.rpm python39-backoff-1.11.1-2.el8pc.noarch.rpm python39-bindep-2.10.2-4.el8pc.noarch.rpm python39-bleach-3.3.1-2.el8pc.noarch.rpm python39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm python39-bracex-2.2.1-2.el8pc.noarch.rpm python39-certifi-2020.6.20-3.el8pc.noarch.rpm python39-chardet-4.0.0-2.el8pc.noarch.rpm python39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm python39-click-8.0.3-2.el8pc.noarch.rpm python39-click-shell-2.1-3.el8pc.noarch.rpm python39-colorama-0.4.4-3.el8pc.noarch.rpm python39-commonmark-0.9.1-5.el8pc.noarch.rpm python39-contextlib2-21.6.0-3.el8pc.noarch.rpm python39-dataclasses-0.8-3.el8pc.noarch.rpm python39-dateutil-2.8.2-2.el8pc.noarch.rpm python39-debian-0.1.43-2.el8pc.noarch.rpm python39-defusedxml-0.7.1-3.el8pc.noarch.rpm python39-diff-match-patch-20200713-3.el8pc.noarch.rpm python39-distro-1.6.0-3.el8pc.noarch.rpm python39-django-3.2.14-2.el8pc.noarch.rpm python39-django-currentuser-0.5.3-5.el8pc.noarch.rpm python39-django-filter-21.1-3.el8pc.noarch.rpm python39-django-guardian-2.4.0-5.el8pc.noarch.rpm python39-django-guid-3.2.2-1.el8pc.noarch.rpm python39-django-import-export-2.7.1-6.el8pc.noarch.rpm python39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm python39-django-prometheus-2.1.0-3.el8pc.noarch.rpm python39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm python39-djangorestframework-3.13.1-2.el8pc.noarch.rpm python39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm python39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm python39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm python39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm python39-dynaconf-3.1.7-4.el8pc.noarch.rpm python39-ecdsa-0.14.1-2.el8pc.noarch.rpm python39-enrich-1.2.6-5.el8pc.noarch.rpm python39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm python39-flake8-3.9.2-5.el8pc.noarch.rpm python39-future-0.18.2-5.el8pc.noarch.rpm python39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm python39-gitdb-4.0.9-2.el8pc.noarch.rpm python39-gitpython-3.1.26-3.el8pc.noarch.rpm python39-gnupg-0.4.8-2.el8pc.noarch.rpm python39-gunicorn-20.1.0-5.el8pc.noarch.rpm python39-idna-3.3-2.el8pc.noarch.rpm python39-idna-ssl-1.1.0-5.el8pc.noarch.rpm python39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm python39-importlib-resources-5.4.0-4.el8pc.noarch.rpm python39-inflection-0.5.1-3.el8pc.noarch.rpm python39-iniparse-0.4-35.el8pc.noarch.rpm python39-jinja2-3.0.3-2.el8pc.noarch.rpm python39-jsonschema-4.6.0-4.el8pc.noarch.rpm python39-markdown-3.3.6-3.el8pc.noarch.rpm python39-markuppy-1.14-3.el8pc.noarch.rpm python39-mccabe-0.6.1-3.el8pc.noarch.rpm python39-naya-1.1.1-3.el8pc.noarch.rpm python39-odfpy-1.4.1-6.el8pc.noarch.rpm python39-openpyxl-3.0.9-2.el8pc.noarch.rpm python39-packaging-21.3-1.el8pc.noarch.rpm python39-parsley-1.3-2.el8pc.noarch.rpm python39-pbr-5.8.0-4.el8pc.noarch.rpm python39-productmd-1.33-3.el8pc.noarch.rpm python39-prometheus-client-0.8.0-3.el8pc.noarch.rpm python39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm python39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm python39-pulp-cli-0.14.0-4.el8pc.noarch.rpm python39-pulp-container-2.10.9-1.el8pc.noarch.rpm python39-pulp-deb-2.18.0-3.el8pc.noarch.rpm python39-pulp-file-1.10.2-2.el8pc.noarch.rpm python39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm python39-pulpcore-3.18.10-1.el8pc.noarch.rpm python39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm python39-pycodestyle-2.7.0-5.el8pc.noarch.rpm python39-pycparser-2.21-2.el8pc.noarch.rpm python39-pyflakes-2.3.1-5.el8pc.noarch.rpm python39-pygments-2.11.2-2.el8pc.noarch.rpm python39-pygtrie-2.4.2-3.el8pc.noarch.rpm python39-pyjwkest-1.4.2-6.el8pc.noarch.rpm python39-pyjwt-1.7.1-8.el8pc.noarch.rpm python39-pyparsing-2.4.7-3.el8pc.noarch.rpm python39-pytz-2021.3-2.el8pc.noarch.rpm python39-redis-3.5.3-3.el8pc.noarch.rpm python39-requests-2.27.1-2.el8pc.noarch.rpm python39-requirements-parser-0.2.0-3.el8pc.noarch.rpm python39-rich-10.12.0-3.el8pc.noarch.rpm python39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm python39-schema-0.7.5-2.el8pc.noarch.rpm python39-semantic-version-2.10.0-1.el8pc.noarch.rpm python39-six-1.16.0-2.el8pc.noarch.rpm python39-smmap-5.0.0-2.el8pc.noarch.rpm python39-sqlparse-0.4.2-3.el8pc.noarch.rpm python39-tablib-3.2.0-3.el8pc.noarch.rpm python39-tenacity-7.0.0-3.el8pc.noarch.rpm python39-toml-0.10.2-3.el8pc.noarch.rpm python39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm python39-uritemplate-4.1.1-2.el8pc.noarch.rpm python39-url-normalize-1.4.3-4.el8pc.noarch.rpm python39-urllib3-1.26.8-2.el8pc.noarch.rpm python39-urlman-1.4.0-3.el8pc.noarch.rpm python39-wcmatch-8.3-2.el8pc.noarch.rpm python39-webencodings-0.5.1-3.el8pc.noarch.rpm python39-whitenoise-6.0.0-1.el8pc.noarch.rpm python39-xlrd-2.0.1-5.el8pc.noarch.rpm python39-xlwt-1.3.0-3.el8pc.noarch.rpm python39-zipp-3.4.0-4.el8pc.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rack-2.2.4-1.el8sat.noarch.rpm rubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-sequel-5.53.0-1.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sinatra-2.2.0-1.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm satellite-capsule-6.12.0-4.el8sat.noarch.rpm satellite-common-6.12.0-4.el8sat.noarch.rpm satellite-installer-6.12.0.5-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: cjson-1.7.14-5.el8sat.x86_64.rpm cjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm cjson-debugsource-1.7.14-5.el8sat.x86_64.rpm createrepo_c-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-4.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-4.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm mosquitto-2.0.14-1.el8sat.x86_64.rpm mosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm mosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm python-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm python-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-4.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-4.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-aiohttp-3.8.1-3.el8pc.x86_64.rpm python39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm python39-brotli-1.0.9-2.el8pc.x86_64.rpm python39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm python39-cchardet-2.1.7-4.el8pc.x86_64.rpm python39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm python39-cffi-1.15.0-2.el8pc.x86_64.rpm python39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm python39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python39-cryptography-3.4.8-1.el8pc.x86_64.rpm python39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm python39-frozenlist-1.3.0-2.el8pc.x86_64.rpm python39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm python39-libcomps-0.1.18-4.el8pc.x86_64.rpm python39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python39-lxml-4.7.1-2.el8pc.x86_64.rpm python39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm python39-markupsafe-2.0.1-3.el8pc.x86_64.rpm python39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm python39-multidict-6.0.2-2.el8pc.x86_64.rpm python39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm python39-psycopg2-2.9.3-2.el8pc.x86_64.rpm python39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm python39-pycairo-1.20.1-3.el8pc.x86_64.rpm python39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm python39-pycares-4.1.2-2.el8pc.x86_64.rpm python39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm python39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm python39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm python39-pygobject-3.40.1-3.el8pc.x86_64.rpm python39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm python39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm python39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm python39-pyyaml-5.4.1-4.el8pc.x86_64.rpm python39-rhsm-1.19.2-3.el8pc.x86_64.rpm python39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm python39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm python39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm python39-solv-0.7.22-4.el8pc.x86_64.rpm python39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-yarl-1.7.2-2.el8pc.x86_64.rpm python39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm satellite-clone-3.2.0-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm satellite-clone-3.2.0-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: foreman-3.3.0.17-1.el8sat.src.rpm python-pulp_manifest-3.0.0-3.el8pc.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.3.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm
noarch: foreman-cli-3.3.0.17-1.el8sat.noarch.rpm python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm satellite-cli-6.12.0-4.el8sat.noarch.rpm
x86_64: rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2022-22818 https://access.redhat.com/security/cve/CVE-2022-24836 https://access.redhat.com/security/cve/CVE-2022-25648 https://access.redhat.com/security/cve/CVE-2022-29970 https://access.redhat.com/security/cve/CVE-2022-32209 https://access.redhat.com/security/cve/CVE-2022-34265 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY3UyKtzjgjWX9erEAQiOZQ//cSY/SZi9lHZWMyk7SFF/uo1T/lMIgLGz 45VnNH0uR/+NowvtEK9Oz6V7o8IKD1RfKD8wtMeGh9ObiiY+wGstUuF2ulzxrWHr +paVkbfB/Yx62nqn4EovZ7RhcGCBN7ZO+OyhYo6MLejs/vvw9LYECh5qsvcTggBG qdCgO2xrxwEznoWA2iBqwCwHzX5rEx1shvRGnh6gjCnG/NJbg3w1QR0ko31Fqc3b DRIQL2CsfFlJTkfZN7996VjicMt6tsO4hcYFi3VaEvbWh3/R3z2MdGbqR9e0hbPF y1REALJ1kjoxaS26lDPaO9bwsP8PUyntl1MrmhPnnuqXuYduxAPOSXMFbfMosC3t wHK3ZA10LzReoHYrYxcv2V2L65+vOmT1Ss+P88TlLaw+iO1yITuxPRZf6EVVmmTK SoY0E9mmxybtGdb6izkM5ofk7tbLABHGZzqqRo8QbFbOJ3ffprqE3FrRM5JydNxT /DVUFNU+ntfBaCL81tuiuMDcRjVlNhKMCJEWnPQ9BIJ3oAwyxDT/49QCTSlbgDIs Y820v73UDgRb7hOLKNg+YAek/lvuwwrrfyu8BaBft6XiUZg6rlPXPJdfCrNMV7BG nSg1E5LMCxn5ZDaspEnT+7RV1VpmgmWfxgi0yrKaLahVlxIRMMlppnfT4lCzplTT AltJZW6aeZM=vlQq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data 2129809 - CVE-2022-36944 scala: deserialization gadget chain 2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution 2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files 2215229 - CVE-2023-2976 guava: insecure temporary directory creation 2215393 - CVE-2023-34453 snappy-java: Integer overflow in shuffle leads to DoS 2215394 - CVE-2023-34454 snappy-java: Integer overflow in compress leads to DoS 2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS 2215465 - CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate 2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM 2229295 - CVE-2023-3635 okio: GzipSource class improper exception handling 2236340 - CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() 2236341 - CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies
- JIRA issues fixed (https://issues.redhat.com/):
ENTMQST-5081 - [PROD] Create RHSA erratum for Streams 2.5.0
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1706",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.2"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.68"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "quarkus",
"scope": "lt",
"trust": 1.0,
"vendor": "quarkus",
"version": "2.2.4"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.48"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.10"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications brm - elastic charging engine",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.6"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.68",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "174675"
}
],
"trust": 0.8
},
"cve": "CVE-2021-37136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-398972",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-37136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398972",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack. The purpose of this text-only errata is to inform you\nabout the security issues fixed. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)\n2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7\nJBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001\nJBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001\nJBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1\nJBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042\nJBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1\nJBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001\nJBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001\nJBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002\nJBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3\nJBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1\nJBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002\nJBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x\nJBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes\nJBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05\nJBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003\nJBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4\nJBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001\n\n7. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2437 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4]\nLOG-2442 - Log file metric exporter not working with /var/log/pods\nLOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.12 Release\nAdvisory ID: RHSA-2022:8506-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8506\nIssue date: 2022-11-16\nCVE Names: CVE-2021-37136 CVE-2021-37137 CVE-2022-22818\n CVE-2022-24836 CVE-2022-25648 CVE-2022-29970\n CVE-2022-32209 CVE-2022-34265\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.12. The release contains\na new version of Satellite and important security fixes for various\ncomponents. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.12 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n* python3-django: Possible XSS via template tag (CVE-2022-22818)\n* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)\n* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when\nserving static files (CVE-2022-29970)\n* tfm-rubygem-git: Package vulnerable to Command Injection via git argument\ninjection (CVE-2022-25648)\n* rubygem-rails-html-sanitizer: Possible XSS with certain configurations\n(CVE-2022-32209)\n* python3-django: Potential SQL injection via Trunc and Extract arguments\n(CVE-2022-34265)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document. \n\n4. Solution:\n\nFor Red Hat Satellite 6.12, see the following documentation for the\nrelease. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.12\n\nThe important instructions on how to upgrade are available below. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1309740 - [RFE] As a user, I want to schedule a job and receive an e-mail summary when it completes\n1703496 - Satellite audits cleanup\n1732590 - Cannot add filter on same RPM name with different architectures\n1775813 - A publish content view displays (Invalid Date) for the date and time of when the content view was published. \n1829468 - [RFE] Be able to retrieve the software vendor package from the installed package\n1830968 - [RFE] API should return simple results to understand if the repositories for hosts are enabled or not. \n1834897 - [RFE] Remove the configuration \u0027env=Library\u0027 created by the virt-who configuration plugin in the Satellite WebUI\n1850393 - [RFE] REX Pull Provider\n1868175 - Red Hat Satellite should notify about published content view while removing Lifecycle environment\n1868323 - \"Confirm services restart\" modal window grammatically does not respect that multiple systems are selected for a reboot\n1870816 - Deploy script breaks when the password of hypervisor contains single quotes\n1879811 - [ALL_LANG] [SAT_6.8 | 6.9 | 6.10|6.11 ] Web elements are not localized (Available Button, ON/OFF Switch Button)\n1884148 - description of filter_host_parents does not match virt-who-config\n1892218 - Multi-page listing when adding repositories to Content Views confuses the number of repositories to add\n1892752 - Scheduled job \"Create RSS notifications\" does not use proxy\n1894033 - [RFE] Add SSH User field to Advanced Fields in Job Invocation of SSH Command - remote_execution_ssh_user per Remote Execution task\n1908841 - Capsule certs regeneration fails with an error if the organization has a `\u0027` in the name\n1912941 - Verbose log outputs for Ansible jobs are reported to all Hosts present on the Job. \n1925165 - [RFE] Unordered RPMs in repodata decrease compression efficiency\n1930577 - when running ReX via SSH on 2242 hosts, got \"Timed out reading data from server\"\n1931532 - When running remote execution from Satellite to an RHEL 8 with tlog enabled it fails. \n1931665 - Need clearer error message when manifest is no longer valid when syncing inventory\n1934210 - Bad HTTP method requests filling up /var/log/messages with stack traces\n1938092 - [RFE] Insights recommendations should have url links for related knowledgebase article and c.r.c. \n1940396 - [RFE] Introduction of GUI based option to be able to bulk select and remove Content View versions in Red Hat Satellite 6\n1951542 - Insights Table doesnt translate the pagination strings\n1952939 - [RFE] Support for Satellite Tools version-1 repository is version. \n1959136 - Backtick in password causes failure during deployment of virt-who config. \n1962253 - Global registration succeeded but throwing error messages when auto-attach is true\n1964080 - [BUG] The != and ~ search params does not work with os_minor parameter in Satellite 6.9\n1970132 - [BUG] Invalid choice for template_kind listed for os_default_template module\n1970623 - [BUG] Error Can\u0027t join \u0027Katello::ContentFacetRepository\u0027 to association named \u0027hostgroup\u0027 when clicking on \"Errata Installation\" inside a host_collection as a non-admin user\n1971747 - \"Registered Content Hosts\" Report is Showing the Wrong Available Kernel Version for RHEL 7.7 Client\n1973329 - Provide upstream repository name value to allow a name change on the repository to not break Satellite if an enabled repository\u0027s name gets changed\n1974180 - Default user input value is not set for job invocation\n1981444 - \"Subscription - Entitlement Report\" does not show correct number of subscriptions attached/consumed\n1982698 - Ansible playbook execution crash for Hosts: localhost\n1982745 - Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup\n1984400 - Capsule upgrade/install fails due to proxy configuration in \u0027HTTP(S) proxy\u0027 in settings\n1989631 - Ruby warning: URI.escape is obsolete after the host is provisioned\n1990119 - Documentation bug for the compute_resource module\n1991557 - Many Postgres ERRORs (duplicate key) especially on RedHat repo sync\n1994877 - [RFE] Example is missing in \"Install packages\" option in the Advanced Tab of \"Register Host\" form. \n1994945 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error\n1998477 - Add Simple content access status API to check whether SCA is enabled or disabled in Satellite\n2000613 - The login page exposes version of the satellite\n2001517 - [RFE] Allow \"on_demand\" download policy for repositories of content_type docker\n2001552 - Host facts are not uploaded to satellite when content host is registered with Satellite using global registration form. \n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2006974 - [ALL_LANG] [SAT_6.10 | 6.11] \u0027No matches found\u0027 text is untranslated in search bar\n2007117 - [ ALL_LANG] [SAT_6.10 | 6.11] \u0027Filter\u0027 string from switcher section search box is not marked as translatable string\n2011312 - Misspelled word in tooltip \"Toggel\" instead of \"Toggle\"\n2013611 - Hammer compute-profile create missing \u0027boot_order\u0027 from \u0027compute-attributes\u0027\n2015062 - Scap Content Page redirects to Satellite documentation instead of Scap Content\n2015757 - \u0027Mail enabled\u0027 setting cannot be switched with the hammer user command. \n2016924 - The value set by \u0027hammer activation-key content-override\u0027command cannot be confirmed by \u0027hammer activation-key info\u0027 command. \n2022065 - ansible modules don\u0027t work correctly when a HTTP?HTTPS redirect occurs\n2022649 - Hammer unable to send correct value for for Job Templates in order to update ALL packages. \n2024175 - [RFE] Include Tower extra vars feature when calling the API callback\n2024576 - Extra audit record created on Organization create action\n2024968 - [RFE] Expose parameter trusted_proxies on satellite-installer\n2025892 - [RFE] Allow configuring cockpit with multiple origins through satellite-installer\n2025926 - [RFE] Identify host Build Token using hammer\n2027947 - HypervisorHeartbeatUpdateJob is taking long time to process and updates wrong consumer records\n2028112 - Ansible roles are failed with exit status 0 but the job is showing status success and the task is also showing result success. \n2033321 - Manifest refresh fails on Candlepin: One or more pools was left in an undefined state\n2033381 - Remove the space at the end of foreman-proxy-certs-generate printed installer cmd\n2035287 - The online backup attempt still shows a warning about mongodb when executed in Satellite 6.10\n2036151 - Can\u0027t assign different networks on 2+ NICs with vNIC profiles selected\n2038989 - [RFE] Satellite Security Concerns for Apache\n2043126 - Non-enabled repository types make it into the apipie help-text\n2043242 - [RFE] make worker show what task they are currently running\n2048547 - When using async_ssh true and for some reason the script retrieve.sh fails to, the task remain stuck\n2048775 - CVE-2022-22818 django: Possible XSS via \u0027{% debug %}\u0027 template tag\n2049595 - missing information about puppet attributes in API/CLI\n2051648 - [RFE] Better Detail When Job Fails Due To SSH Problem\n2051891 - vCPUs in RHV getting reset to one vCPU after editing a host in Satellite\n2052076 - foreman-proxy does not log permissions errors when trying to read ssl_ca.pem\n2053842 - The \"Serve via HTTP\" and \"Verify SSL\" options in Repo Discovery page does not functions at all in Satellite 7.0\n2054011 - Submit button on Edit page of a host will revert back to a invalid page on Satellite\n2054042 - [RFE] Logs in dynflow console needs more descriptive when SSH REX job fails on Satellite 7. \n2054786 - {\"publication\":[\"Invalid hyperlink - Object does not exist.\"]} error when syncing a repository\n2054969 - Navigation switch between multiple capsules don\u0027t work as expected\n2055391 - After upgrade products with repositories that had Ignorable Content = drpm can no longer be modified\n2055416 - redhat.satellite.content_upload ansible module with unexpected src parameter behavior\n2055979 - [RFE] - use native Ansible module for Install from git job template\n2056188 - The redesigned Host page in Satellite does not offers any option to invoke/schedule a remote execution job for a client system\n2056702 - Import library with overlapping content can fail with unique-constraint violation\n2058037 - UEFI: Grub network boot templates need to be updated\n2059179 - job template selector missing id in the new rex wizard\n2060651 - Cannot upload a package to a repository if the same package already exists in another repository, but is not downloaded\n2062800 - OpenSCAP is using the removed puppetrun setting\n2064979 - Clients can\u0027t subscribe to or enable Red Hat repositories after renewing subscriptions\n2068454 - repositories/import_uploads API endpoint do require two mandatory parameters\n2069306 - [RFE] Need syncable yum-format repository exports\n2069440 - [RFE] new host ui details, upgrades to host status\n2069634 - new host ui details, unable to read the host from different taxonomies when logged in\n2070001 - Space reclaiming fails on a blank Satellite\n2070535 - Content View publish fails with error PG::CardinalityViolation: ERROR: ON CONFLICT DO UPDATE command cannot affect row a second time. \n2070732 - Use more accurate messaging when host statuses are cleared\n2070972 - Sentence case fixes needed in the new Host page\n2072696 - Creating ESX compute resource on vcenter 7.x fails with InvalidArgument: A specified parameter was not correct: deviceChange[1].device.key\n2073305 - installer spams with katello-certs-check output when using custom certs\n2074346 - CVE-2022-24836 nokogiri: ReDoS in HTML encoding detection\n2075056 - new host ui details, repository sets, search auto-complete is missing\n2076843 - CVE-2022-25648 ruby-git: package vulnerable to Command Injection via git argument injection\n2077811 - new host ui, content, errata subtab, when N/A is chosen as severity filter erratas results are empty\n2077822 - new host ui details, add button to navigate to old content UI\n2077824 - [RFE] API to allow search by object ID on any object\n2080324 - Satellite incorrectly reports email test success\n2080423 - Docker pull fails with \u0027missing or empty Content-Length header\u0027\n2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files\n2084130 - CertificateCleanupJob fails with foreign key constraint violation on table cp_upstream_consumer\n2085490 - Discovery and bootdisk templates don\u0027t get description populated from metadata\n2088303 - Webhook raises \"certificate verify failed\" error even the target host is trusted by the system SSL CA bundle\n2089445 - The About page under Administer still refers to IRC channel at Freenode\n2089828 - default Organization and location not set for AD users\n2091044 - new host ui details,ansible roles, submitting form without any roles should show warning\n2092039 - Content import fails if repo labels differ and repo is already imported\n2093884 - Every CV Publish+Promote action followed by an automated Capsule sync task generates a huge traceback \"(ActiveRecord::RecordNotFound): Couldn\u0027t find ForemanTasks::Task::DynflowTask\" in Satellite 6.11\n2094019 - Missing LCE and CV label in CLI CDN configuration\n2095187 - Fail to create virtwho config on nutanix env for error \"Invalid option for hypervisor [ahv]\"\n2095820 - All errata are applied when user only selects certain errata\n2096429 - Global Registration will fail if use a different language\n2098240 - [RFE] Add \u0027System purpose\u0027 card to new host details / Overview tab\n2099620 - Starting or Restarting foreman.socket will raise a harmless \"TCP_NODELAY failed: Operation not supported\" error in Red Hat Satellite 6.9/6.10/6.11\n2100578 - satellite-clone should enable the Satellite module\n2100887 - Repository sets and Errata tabs do not show toggle group when host is in Library environment but non-default content view\n2101579 - Retain packages on Repository removes RPMs from Pulp but not from Katello\n2101882 - CVE-2022-32209 rubygem-rails-html-sanitizer: possible xss with certain configurations\n2101986 - Getting \"NoPermission: Permission to perform this operation was denied.\" when edit host or compute profile\n2102145 - \u0027Satellite-maintain backup online\u0027 states info about Mongo in the warning message\n2102456 - [RFE] - Add static ouia-id to modal with wizard for publishing a cv\n2102825 - satellite-clone fails to adjust ownership of /var/lib/pulp if it\u0027s owned by non-existing user/group\n2102867 - Post upgrade to satellite 6.10, sync summary email notification shows the incorrect summary for newly added errata. \n2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n2103096 - After syncing a repository, it doesn\u0027t sync to the capsule automatically. \n2103099 - satellite-clone fails to restore online backup on RHEL8\n2103102 - MemoryError when importing large repo to disconnected Satellite\n2103106 - Attempt to disable a Red Hat Repository fails with error \"Cannot delete record because of dependent library_instances_inverse\" if the repository is part of any CV versions in Satellite 6.10\n2103110 - undefined method `find\u0027 for nil:NilClass when importing content that has gpg_keys associated to it\n2103129 - RHEL 9 appstream and baseos not showing as recommended repositories\n2103522 - Capsule sync fails with \"Parsing interrupted: The repository metadata being synced into Pulp is erroneous in a way that makes it ambiguous (duplicate NEVRAs)..\"\n2104401 - Improve speed of manifest refresh by running RefreshIfNeeded steps concurrently\n2104498 - Unable to sync jfrog artifactory-pro-rpms repository\n2105048 - Error \u0027modulemd-yaml-error-quark\u0027 while synchronizing fedora modular repository on Satellite 6.10. \n2105107 - Data issue for users on RHEL7 syncing EL8+ EPEL or Fedora Modular repositories\n2105144 - Scheduling a remote execution job through API calls are using UTC instead of timezone\n2105299 - Email notification shows incorrect new errata after syncing an Epel repository\n2105941 - After 6.10 to 6.11 upgrade on FIPS setup, repository sync operations fail with an error \"[digital envelope routines: EVP_DigestInit_ex] disabled for fips\"\n2106000 - Manifest Refresh should ensure environment-content association\n2106090 - Running smart-proxy-openscap-send command returns \"Gemfile lists the gem rsec (\u003c 1) more than once\" on Satellite 6.10. \n2106091 - Exclude filter may exclude errata and packages that are needed\n2106092 - Manifest refresh randomly fails with \"No such file or directory\" when having multile dynflow workers\n2106093 - Simplify self-upgrade mechanism\n2106333 - Add Satellite and Capsule 6.12 upgrade scenarios\n2106659 - Inconsistent packages versioning\n2106691 - Satellite 6.12 still defaults to the legacy host UI\n2106700 - Invocations fail with NoMethodError - undefined method `code\u0027 if capsule loses script feature without satellite noticing\n2106885 - Upgrade to Satellite 6.11 fails in db:seed state with error \"ActiveRecord::RecordInvalid: Validation failed: Name has already been taken\"\n2107252 - Last item in Webhooks table is overflowing\n2107572 - packaging request for pull provider dependencies\n2107577 - execution of roles with missing modules doesn\u0027t fail the execution\n2107701 - [Pulp 3] If a modulemd metadata artifact is missing from the filesystem but has an artifact_id associated with it in database, \"Verify Content Checksum\" cannot fix this problem\n2108169 - foreman-maintain self-upgrade enables RH repos when custom repo mentioned with --maintenance-repo-label for RHEL8\n2108611 - Broken link when accessing the Registration Doc from the Satellite register hosts screen\n2108637 - Remote execution fails for SSH Default when Remote Execution configured for Kerberos Authentication\n2108719 - Upgrading to Satellite 6.11 fails on db:migrate stage with error \"null value in column \"created_at\" violates not-null constraint\"\n2109254 - Remove orphans task going to the paused state with error \"Cannot delete some instances of model \u0027Repository\u0027 because they are referenced through protected foreign keys\" on Red Hat Satellite 6.11\n2109260 - When using immediate downloads and retain_package_versions=X, all packages are downloaded and many are immediately orphaned\n2109298 - ModuleStreamErratumPackages aren\u0027t indexed at first repository syncing\n2109421 - Sendmail package not present on RHEL8 and needs manual configuration\n2109594 - After upgrading to Satellite 6.11 , foreman log is flooded with huge tracebacks related to \"unknown class DockerRegistry, ignoring\" and \"unknown class Container, ignoring\"\n2109606 - Not able to enable repositories when FIPS is enabled. \n2109810 - Search for string in n-v-r.a format fails for custom packages but not for Red Hat packages\n2110003 - smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8\n2110163 - Generate All Reports Job Fails After Upgrade to 6.11 with Missing Logger Method\n2110222 - Insights client traffic through a Satellite 6.11 Capsule fails\n2110731 - [ BUG ] Sync errata email notification is not workng in Satellite 6.11 whereas \"Test Email\" functions fine\n2110872 - Moving between tabs generates \"undefined method `parent_task\u0027 for nil:NilClass\"\n2111038 - new host ui details,ansible roles, bug when all ansible roles are assigned\n2111074 - After LEAPP upgrade katello_candlepin_port_t definition is missing\n2111222 - Need a static ouia-id for the close button on the Confirmation Modal\n2111373 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unassigned automatically\n2111469 - Single host contains too many NICs\n2111570 - AVC denials noticed for gunicorn process after upgrading the Satellite 6.11 OS from RHEL 7 to RHEL 8 using leapp\n2111571 - Multiples of every module stream show in the web UI\n2111578 - Rebooting Sat611 on RHEL8 removes all pulp logs\n2111921 - [New Host UI] Ansible tab only shows \"view all assigned roles\" when at least one host specific role has been added\n2112015 - After deploying custom certs on Satellite, signed by a new CA, capsule can\u0027t fetch on-demand content\n2112093 - GUI shows \"Capsule Authorization\" disabled even if it was enabled during the creation of the webhook in Satellite 6.10\n2112098 - Need to be able to provide custom cert for ISS for Red Hat CDN\n2112436 - After initial build of a UEFI VM using Red Hat Satellite, the system fails to boot up with error \"Partition with known EFI file not found\" when VM Hardware version is 17 or above\n2112979 - Don\u0027t ship foreman-proxy-selinux in capsule repos\n2113013 - documentation button on capsule page goes to a broken link\n2113905 - [RHSSO] [Installer][RHEL8]- RHSSO feature settings are not getting enabled and failed with HTTPD CONF issue . \n2113946 - Mirroring complete ansible galaxy fails with the following message: \u0027NoneType\u0027 object has no attribute \u0027get\u0027\n2113996 - Search for non-integer job id will result in error page\n2115229 - pull-provider rex jobs occassionally hanging\n2115686 - [RFE] Provide a functionality in Satellite to import pre-existing Ansible playbooks into Job Templates\n2115767 - Unable to apply all Errata via Remote Execution on Web UI with \"Select All\"\n2115775 - hammer command not working for non-root user post upgrading satellite to version 6.11\n2115822 - New host details UI does not work at all\n2115832 - Running \"satellite-maintain self-upgrade\" on a Satellite\\Capsule 6.11.1.1 fails with error \"Error: \u0027satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms\u0027 does not match a valid repository ID\"\n2116123 - Even though the CreateRssNotifications job gets completed, It fails to fetch RSS with error \u0027(NameError): uninitialized constant Foreman::HttpProxy::NetHttpExt\u0027 in Satellite 6.12\n2116276 - Hammmer task progress command returns Error: undefined method `empty?\u0027 for nil:NilClass\n2116385 - [RFE] Add deprecation warning/banner on Compute Resources page about deprecation of RHEV support\n2116871 - Package \"python3-pulp_manifest\" is not available in Satellite Utils repository\n2117382 - Only first certificate from a content credential is considered by katello when updating CDN configuration to use Network Sync\n2117489 - not all dependencies are allowed by foreman-protector\n2117522 - satellite-upgrade to 6.12 fails in packages-update step to resolve python dependencies\n2118055 - When installing errata via katello-agent, content_action_finish_timeout is ignored and tasks don\u0027t wait for client status to finish\n2118252 - dnf can\u0027t load foreman-protector.py as a regular user\n2118356 - katello-pull-transport-migrate missing in RHEL9 Client repos\n2118431 - Incremental export on repository exports not working correctly after syncably exporting repository\n2118689 - Boding interface bondig slaves are always changed to lower case\n2118694 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: ERROR: update or delete on table \"katello_module_profiles\" violates foreign key constraint \"katello_mod_profile_rpm_mod_profile_id_fk\" on table \"katello_module_profile_rpms\"\n2118772 - Satellite upgrade to 6.12 fails during db:migrate with PG::UndefinedColumn: ERROR: column \"created_at\" of relation \"taxable_taxonomies\" does not exist\n2118790 - Convert2rhel playbook tries to install RHEL8 convert2rhel package\n2118950 - Unable to configure cloud connector on Satellite 6.12.0\n2118966 - [Pulp3] When working with docker type repos, syslogs is flooded with warnings \"The model \u003cclass \u0027pulp_container.app.models.ContainerNamespace\u0027\u003e defines the \u0027ACCESS_POLICY_VIEWSET_NAME\u0027 class attribute\" in Satellite 6.12\n2119112 - subpaths field is mandatory while creating ACS in the UI\n2119117 - ACS create fails when --smart-proxy-ids option not passed with \"undefined method `uniq\u0027 for nil:NilClass\"\n2119120 - ACS create fails when same name used with \"PG::UniqueViolation: ERROR: duplicate key value violates unique constraint\"\n2119124 - ACS create form displays capsule names without spaces on review details page in UI\n2119190 - ACS create wizard: select capsule step says \"Name source\"\n2119234 - Timezone/timestamp issue with Ansible configuration management reports run via Capsule servers\n2119688 - running ansible default roles in Satellite 6.11.1.1 shows an error page\n2120148 - Remove spinner from Packages \u0026 Module streams tabs during REX job polling\n2120224 - Host collections card shows empty card without any text when no host collections are present\n2120299 - \u0027This host has errata that are applicable, but not installable\u0027 message incorrectly appears\n2120327 - Discovery Organization setting is shown as Discovery Location setting\n2120414 - Show arch restrictions on Repository Sets tab (new host details)\n2120579 - remote execution interface missing in global registration dialog\n2120632 - After Upgrading LEAPPed Satellite to 6.12 pulp is not connected to redis\n2120715 - Satellite 6.11 GUI documentation URL takes to a non existing URL with 404\n2120992 - Running satellite-clone on SAT6.12 fails beacuse it\u0027s not supported\n2121238 - Importing a custom repository with different label but same name causes validation error\n2121249 - Syncable Exports have spaces in the exported paths\n2121583 - Sync of an Ansible collection repo to the Capsule fails\n2121689 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository\n2121738 - host details jobs - change from list to table\n2121739 - host details audits, change from list to table\n2121954 - When searching for content, dropdown filters are literal search terms. \n2122090 - Syncable exports not properly validated\n2122214 - katello-certs-check propose not valid command for capsule\n2122764 - Indexing error if a collection to be synced from galaxy doesn\u0027t have tags associated. \n2122780 - Pub url is not accessible on the Satellite nor Capsule server\n2122945 - Satellite manifest upload/import error: Unexpected exception occurred while executing transactional block\n2123352 - Updating katello-ca package does not update certs in yggdrasild service for REX pull mode client\n2123405 - [RFE] - Add rhel-6-server-els-rpms repository under recommended repositories\n2124047 - Accessing an external capsule from UI, shows \"Last sync failed: 404 Not Found\" even if the last capsule content sync was successful in Satellite 6.12\n2124051 - Ansible-type REX jobs are still delegated by satellite 6.12 to be executed via an external Capsule 6.12 even if the ansible feature is not enabled on the same\n2124087 - The \"Change Content Source\" option does not provides steps to change the yggdrasil configuration in case putt-mqtt mode is use in Satellite 6.12\n2124271 - After installing katello-agent on a RHEL 9 host, Goferd service fails to start with error AttributeError: \u0027Scheduler\u0027 object has no attribute \u0027isAlive\u0027\n2124568 - \u0027candlepin-validate-db\u0027 pre-upgrade check fails with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup with SSL\n2124663 - Host details statuses clear button is always disabled\n2124850 - failure to enable async-ssh rex mode with Couldn\u0027t enable \u0027script\u0027\n2124851 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address\n2124928 - Webhooks page in UI is broken\n2125022 - Content View Versions generated by Export are still listed in Composite CVs page\n2125244 - Sync of a docker type repository containing schema 1 manifest fails with error\n2125317 - Fix details tab cards Expand/collapse all behavior\n2125585 - Satellite can not be installed on RHEL 8.7\n2125669 - Navigating to content view page from the left panel after creating a cv does not work\n2127099 - Unsupported Installer report plugin exist in the downstream Satellite 6.12\n2127318 - ACS create wizard: review details step displays password in plaintext when manual auth is selected\n2127934 - rex pull-provider client not configured during host provisioning\n2127940 - save_to_file macro does not work if the thing being saved contains a heredoc terminated with EOF\n2128209 - ssh-async rex job fails with OpenSSL::SSL::SSLError\n2128422 - Repository Sets on new Hosts details produces error page\n2129002 - ACS create wizard: select capsule shows duplicate entries in dual-list selector widget\n2131729 - Repository sets does not work on new host details page\n2133468 - Upgrade fails to apply rpm.0044_noartifact_modules pulpcore migration\n2139368 - can\u0027t save discovery settings on an upgraded Satellite 6.12\n2139369 - can\u0027t save bootdisk settings on an upgraded Satellite 6.12\n2139371 - can\u0027t save RH Cloud settings on an upgraded Satellite 6.12\n\n6. Package List:\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-4.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncandlepin-4.1.15-1.el8sat.src.rpm\ncjson-1.7.14-5.el8sat.src.rpm\ncreaterepo_c-0.20.1-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.3.0.17-1.el8sat.src.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.3.0.8-1.el8sat.src.rpm\nforeman-proxy-3.3.0-1.el8sat.src.rpm\nforeman-selinux-3.3.0-2.el8sat.src.rpm\nkatello-4.5.0-1.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nkatello-selinux-4.0.2-2.el8sat.src.rpm\nlibcomps-0.1.18-4.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-4.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\nmosquitto-2.0.14-1.el8sat.src.rpm\npostgresql-evr-0.0.2-1.el8sat.src.rpm\npulpcore-selinux-1.3.2-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-3.el8pc.src.rpm\npython-aiofiles-0.8.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-3.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm\npython-aioredis-2.0.1-2.el8pc.src.rpm\npython-aiosignal-1.2.0-2.el8pc.src.rpm\npython-ansible-builder-1.0.1-4.el8pc.src.rpm\npython-asgiref-3.5.0-2.el8pc.src.rpm\npython-async-lru-1.0.2-3.el8pc.src.rpm\npython-async-timeout-4.0.2-2.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-3.el8pc.src.rpm\npython-attrs-21.4.0-2.el8pc.src.rpm\npython-backoff-1.11.1-2.el8pc.src.rpm\npython-bindep-2.10.2-4.el8pc.src.rpm\npython-bleach-3.3.1-2.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-3.el8pc.src.rpm\npython-bracex-2.2.1-2.el8pc.src.rpm\npython-brotli-1.0.9-2.el8pc.src.rpm\npython-cchardet-2.1.7-4.el8pc.src.rpm\npython-certifi-2020.6.20-3.el8pc.src.rpm\npython-cffi-1.15.0-2.el8pc.src.rpm\npython-chardet-4.0.0-2.el8pc.src.rpm\npython-charset-normalizer-2.0.11-4.el8pc.src.rpm\npython-click-8.0.3-2.el8pc.src.rpm\npython-click-shell-2.1-3.el8pc.src.rpm\npython-colorama-0.4.4-3.el8pc.src.rpm\npython-commonmark-0.9.1-5.el8pc.src.rpm\npython-contextlib2-21.6.0-3.el8pc.src.rpm\npython-cryptography-3.4.8-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-3.el8pc.src.rpm\npython-dateutil-2.8.2-2.el8pc.src.rpm\npython-debian-0.1.43-2.el8pc.src.rpm\npython-defusedxml-0.7.1-3.el8pc.src.rpm\npython-diff-match-patch-20200713-3.el8pc.src.rpm\npython-distro-1.6.0-3.el8pc.src.rpm\npython-django-3.2.14-2.el8pc.src.rpm\npython-django-currentuser-0.5.3-5.el8pc.src.rpm\npython-django-filter-21.1-3.el8pc.src.rpm\npython-django-guardian-2.4.0-5.el8pc.src.rpm\npython-django-guid-3.2.2-1.el8pc.src.rpm\npython-django-import-export-2.7.1-6.el8pc.src.rpm\npython-django-lifecycle-0.9.6-3.el8pc.src.rpm\npython-django-prometheus-2.1.0-3.el8pc.src.rpm\npython-django-readonly-field-1.1.1-3.el8pc.src.rpm\npython-djangorestframework-3.13.1-2.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm\npython-drf-access-policy-1.1.0-3.el8pc.src.rpm\npython-drf-nested-routers-0.93.4-3.el8pc.src.rpm\npython-drf-spectacular-0.21.2-2.el8pc.src.rpm\npython-dynaconf-3.1.7-4.el8pc.src.rpm\npython-ecdsa-0.14.1-2.el8pc.src.rpm\npython-enrich-1.2.6-5.el8pc.src.rpm\npython-et-xmlfile-1.1.0-2.el8pc.src.rpm\npython-flake8-3.9.2-5.el8pc.src.rpm\npython-frozenlist-1.3.0-2.el8pc.src.rpm\npython-future-0.18.2-5.el8pc.src.rpm\npython-galaxy-importer-0.4.5-1.el8pc.src.rpm\npython-gitdb-4.0.9-2.el8pc.src.rpm\npython-gitpython-3.1.26-3.el8pc.src.rpm\npython-gnupg-0.4.8-2.el8pc.src.rpm\npython-gunicorn-20.1.0-5.el8pc.src.rpm\npython-idna-3.3-2.el8pc.src.rpm\npython-idna-ssl-1.1.0-5.el8pc.src.rpm\npython-importlib-metadata-4.10.1-2.el8pc.src.rpm\npython-importlib-resources-5.4.0-4.el8pc.src.rpm\npython-inflection-0.5.1-3.el8pc.src.rpm\npython-iniparse-0.4-35.el8pc.src.rpm\npython-jinja2-3.0.3-2.el8pc.src.rpm\npython-jsonschema-4.6.0-4.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-2.el8pc.src.rpm\npython-markdown-3.3.6-3.el8pc.src.rpm\npython-markuppy-1.14-3.el8pc.src.rpm\npython-markupsafe-2.0.1-3.el8pc.src.rpm\npython-mccabe-0.6.1-3.el8pc.src.rpm\npython-multidict-6.0.2-2.el8pc.src.rpm\npython-naya-1.1.1-3.el8pc.src.rpm\npython-odfpy-1.4.1-6.el8pc.src.rpm\npython-openpyxl-3.0.9-2.el8pc.src.rpm\npython-packaging-21.3-1.el8pc.src.rpm\npython-parsley-1.3-2.el8pc.src.rpm\npython-pbr-5.8.0-4.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-3.el8pc.src.rpm\npython-prometheus-client-0.8.0-3.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.3-2.el8pc.src.rpm\npython-pulp-ansible-0.13.2-2.el8pc.src.rpm\npython-pulp-certguard-1.5.2-3.el8pc.src.rpm\npython-pulp-cli-0.14.0-4.el8pc.src.rpm\npython-pulp-container-2.10.9-1.el8pc.src.rpm\npython-pulp-deb-2.18.0-3.el8pc.src.rpm\npython-pulp-file-1.10.2-2.el8pc.src.rpm\npython-pulp-rpm-3.18.7-1.el8pc.src.rpm\npython-pulp_manifest-3.0.0-3.el8pc.src.rpm\npython-pulpcore-3.18.10-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-3.el8pc.src.rpm\npython-pycairo-1.20.1-3.el8pc.src.rpm\npython-pycares-4.1.2-2.el8pc.src.rpm\npython-pycodestyle-2.7.0-5.el8pc.src.rpm\npython-pycparser-2.21-2.el8pc.src.rpm\npython-pycryptodomex-3.14.1-2.el8pc.src.rpm\npython-pyflakes-2.3.1-5.el8pc.src.rpm\npython-pygments-2.11.2-2.el8pc.src.rpm\npython-pygobject-3.40.1-3.el8pc.src.rpm\npython-pygtrie-2.4.2-3.el8pc.src.rpm\npython-pyjwkest-1.4.2-6.el8pc.src.rpm\npython-pyjwt-1.7.1-8.el8pc.src.rpm\npython-pyparsing-2.4.7-3.el8pc.src.rpm\npython-pyrsistent-0.18.1-2.el8pc.src.rpm\npython-pytz-2021.3-2.el8pc.src.rpm\npython-pyyaml-5.4.1-4.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-3.el8pc.src.rpm\npython-requests-2.27.1-2.el8pc.src.rpm\npython-requirements-parser-0.2.0-3.el8pc.src.rpm\npython-rhsm-1.19.2-3.el8pc.src.rpm\npython-rich-10.12.0-3.el8pc.src.rpm\npython-ruamel-yaml-0.17.20-2.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm\npython-schema-0.7.5-2.el8pc.src.rpm\npython-semantic-version-2.10.0-1.el8pc.src.rpm\npython-six-1.16.0-2.el8pc.src.rpm\npython-smmap-5.0.0-2.el8pc.src.rpm\npython-sqlparse-0.4.2-3.el8pc.src.rpm\npython-tablib-3.2.0-3.el8pc.src.rpm\npython-tenacity-7.0.0-3.el8pc.src.rpm\npython-toml-0.10.2-3.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-2.el8pc.src.rpm\npython-uritemplate-4.1.1-2.el8pc.src.rpm\npython-url-normalize-1.4.3-4.el8pc.src.rpm\npython-urllib3-1.26.8-2.el8pc.src.rpm\npython-urlman-1.4.0-3.el8pc.src.rpm\npython-wcmatch-8.3-2.el8pc.src.rpm\npython-webencodings-0.5.1-3.el8pc.src.rpm\npython-whitenoise-6.0.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-5.el8pc.src.rpm\npython-xlwt-1.3.0-3.el8pc.src.rpm\npython-yarl-1.7.2-2.el8pc.src.rpm\npython-zipp-3.4.0-4.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.src.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.src.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.src.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.src.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.src.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.src.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.src.rpm\nrubygem-addressable-2.8.0-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-ancestry-3.0.7-2.el8sat.src.rpm\nrubygem-anemone-0.7.2-23.el8sat.src.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.src.rpm\nrubygem-audited-4.9.0-4.el8sat.src.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm\nrubygem-builder-3.2.4-2.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.src.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.src.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm\nrubygem-colorize-0.8.1-2.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.src.rpm\nrubygem-crass-1.0.6-2.el8sat.src.rpm\nrubygem-css_parser-1.4.7-5.el8sat.src.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.src.rpm\nrubygem-deacon-1.0.0-5.el8sat.src.rpm\nrubygem-declarative-0.0.10-3.el8sat.src.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.src.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm\nrubygem-deface-1.5.3-3.el8sat.src.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-erubi-1.9.0-2.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-execjs-2.7.0-5.el8sat.src.rpm\nrubygem-facter-4.0.51-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.src.rpm\nrubygem-fog-core-2.1.0-4.el8sat.src.rpm\nrubygem-fog-google-1.11.0-2.el8sat.src.rpm\nrubygem-fog-json-1.2.0-4.el8sat.src.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.src.rpm\nrubygem-fog-ovirt-2.0.2-1.el8sat.src.rpm\nrubygem-fog-vsphere-3.5.2-1.el8sat.src.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.src.rpm\nrubygem-foreman-tasks-6.0.3-1.el8sat.src.rpm\nrubygem-foreman_ansible-7.1.4.1-1.el8sat.src.rpm\nrubygem-foreman_azure_rm-2.2.6-3.1.el8sat.src.rpm\nrubygem-foreman_bootdisk-19.0.7-1.el8sat.src.rpm\nrubygem-foreman_discovery-21.0.4-1.el8sat.src.rpm\nrubygem-foreman_hooks-0.3.17-3.el8sat.src.rpm\nrubygem-foreman_kubevirt-0.1.9-4.el8sat.src.rpm\nrubygem-foreman_leapp-0.1.10-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-foreman_openscap-5.2.2-2.el8sat.src.rpm\nrubygem-foreman_puppet-4.0.3-1.el8sat.src.rpm\nrubygem-foreman_remote_execution-7.2.2-1.el8sat.src.rpm\nrubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm\nrubygem-foreman_templates-9.3.0-1.1.el8sat.src.rpm\nrubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.src.rpm\nrubygem-foreman_virt_who_configure-0.5.9-1.el8sat.src.rpm\nrubygem-foreman_webhooks-3.0.4-1.el8sat.src.rpm\nrubygem-formatador-0.2.1-13.el8sat.src.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.src.rpm\nrubygem-fx-0.5.0-2.el8sat.src.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm\nrubygem-git-1.11.0-1.el8sat.src.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm\nrubygem-globalid-0.4.2-2.el8sat.src.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.src.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm\nrubygem-googleauth-0.13.1-2.el8sat.src.rpm\nrubygem-graphql-1.8.14-3.el8sat.src.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-hocon-1.3.1-2.el8sat.src.rpm\nrubygem-http-3.3.0-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.src.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm\nrubygem-httpclient-2.8.3-4.el8sat.src.rpm\nrubygem-i18n-1.8.2-2.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-ipaddress-0.8.3-1.el8sat.src.rpm\nrubygem-jgrep-1.3.3-11.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-katello-4.5.0.20-1.el8sat.src.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.src.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-loofah-2.4.0-2.el8sat.src.rpm\nrubygem-mail-2.7.1-2.el8sat.src.rpm\nrubygem-marcel-1.0.1-1.el8sat.src.rpm\nrubygem-memoist-0.16.0-3.el8sat.src.rpm\nrubygem-method_source-0.9.2-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.src.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.src.rpm\nrubygem-net-ping-2.0.1-5.el8sat.src.rpm\nrubygem-net-scp-1.2.1-5.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.src.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-optimist-3.0.0-3.el8sat.src.rpm\nrubygem-os-1.0.0-3.el8sat.src.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm\nrubygem-parallel-1.19.1-2.el8sat.src.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.src.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.src.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.src.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.src.rpm\nrubygem-pulp_ansible_client-0.13.1-1.el8sat.src.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm\nrubygem-pulp_container_client-2.10.3-1.el8sat.src.rpm\nrubygem-pulp_deb_client-2.18.0-1.el8sat.src.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm\nrubygem-pulp_python_client-3.6.0-1.el8sat.src.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm\nrubygem-pulpcore_client-3.18.5-1.el8sat.src.rpm\nrubygem-puma-5.6.2-1.el8sat.src.rpm\nrubygem-puma-status-1.3-1.el8sat.src.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.src.rpm\nrubygem-quantile-0.2.0-5.el8sat.src.rpm\nrubygem-rabl-0.14.3-2.el8sat.src.rpm\nrubygem-rack-2.2.4-1.el8sat.src.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.src.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.src.rpm\nrubygem-rack-test-1.1.0-5.el8sat.src.rpm\nrubygem-rails-6.0.4.7-1.el8sat.src.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm\nrubygem-rails-html-sanitizer-1.4.3-2.el8sat.src.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.src.rpm\nrubygem-railties-6.0.4.7-1.el8sat.src.rpm\nrubygem-rainbow-2.2.2-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.src.rpm\nrubygem-rchardet-1.8.0-1.el8sat.src.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-redis-4.5.1-1.el8sat.src.rpm\nrubygem-representable-3.0.4-3.el8sat.src.rpm\nrubygem-responders-3.0.0-4.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-retriable-3.1.2-3.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-roadie-3.4.0-4.el8sat.src.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.src.rpm\nrubygem-robotex-1.0.0-22.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-runcible-2.13.1-2.el8sat.src.rpm\nrubygem-safemode-1.3.6-2.el8sat.src.rpm\nrubygem-scoped_search-4.1.10-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.src.rpm\nrubygem-sequel-5.53.0-1.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.src.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.src.rpm\nrubygem-signet-0.14.0-2.el8sat.src.rpm\nrubygem-sinatra-2.2.0-1.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sprockets-4.0.2-2.el8sat.src.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.src.rpm\nrubygem-sshkey-1.9.0-5.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-stomp-1.4.9-2.el8sat.src.rpm\nrubygem-thor-1.0.1-3.el8sat.src.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-timeliness-0.3.10-2.el8sat.src.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.src.rpm\nrubygem-uber-0.1.0-3.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.src.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\nsatellite-installer-6.12.0.5-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-4.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\ncandlepin-4.1.15-1.el8sat.noarch.rpm\ncandlepin-selinux-4.1.15-1.el8sat.noarch.rpm\nforeman-3.3.0.17-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm\nforeman-cli-3.3.0.17-1.el8sat.noarch.rpm\nforeman-debug-3.3.0.17-1.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-dynflow-sidekiq-3.3.0.17-1.el8sat.noarch.rpm\nforeman-ec2-3.3.0.17-1.el8sat.noarch.rpm\nforeman-gce-3.3.0.17-1.el8sat.noarch.rpm\nforeman-installer-3.3.0.8-1.el8sat.noarch.rpm\nforeman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm\nforeman-journald-3.3.0.17-1.el8sat.noarch.rpm\nforeman-libvirt-3.3.0.17-1.el8sat.noarch.rpm\nforeman-openstack-3.3.0.17-1.el8sat.noarch.rpm\nforeman-ovirt-3.3.0.17-1.el8sat.noarch.rpm\nforeman-postgresql-3.3.0.17-1.el8sat.noarch.rpm\nforeman-proxy-3.3.0-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.3.0-1.el8sat.noarch.rpm\nforeman-selinux-3.3.0-2.el8sat.noarch.rpm\nforeman-service-3.3.0.17-1.el8sat.noarch.rpm\nforeman-telemetry-3.3.0.17-1.el8sat.noarch.rpm\nforeman-vmware-3.3.0.17-1.el8sat.noarch.rpm\nkatello-4.5.0-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.5.0-1.el8sat.noarch.rpm\nkatello-debug-4.5.0-1.el8sat.noarch.rpm\nkatello-selinux-4.0.2-2.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython39-aiodns-3.0.0-3.el8pc.noarch.rpm\npython39-aiofiles-0.8.0-2.el8pc.noarch.rpm\npython39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm\npython39-aioredis-2.0.1-2.el8pc.noarch.rpm\npython39-aiosignal-1.2.0-2.el8pc.noarch.rpm\npython39-ansible-builder-1.0.1-4.el8pc.noarch.rpm\npython39-asgiref-3.5.0-2.el8pc.noarch.rpm\npython39-async-lru-1.0.2-3.el8pc.noarch.rpm\npython39-async-timeout-4.0.2-2.el8pc.noarch.rpm\npython39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm\npython39-attrs-21.4.0-2.el8pc.noarch.rpm\npython39-backoff-1.11.1-2.el8pc.noarch.rpm\npython39-bindep-2.10.2-4.el8pc.noarch.rpm\npython39-bleach-3.3.1-2.el8pc.noarch.rpm\npython39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm\npython39-bracex-2.2.1-2.el8pc.noarch.rpm\npython39-certifi-2020.6.20-3.el8pc.noarch.rpm\npython39-chardet-4.0.0-2.el8pc.noarch.rpm\npython39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm\npython39-click-8.0.3-2.el8pc.noarch.rpm\npython39-click-shell-2.1-3.el8pc.noarch.rpm\npython39-colorama-0.4.4-3.el8pc.noarch.rpm\npython39-commonmark-0.9.1-5.el8pc.noarch.rpm\npython39-contextlib2-21.6.0-3.el8pc.noarch.rpm\npython39-dataclasses-0.8-3.el8pc.noarch.rpm\npython39-dateutil-2.8.2-2.el8pc.noarch.rpm\npython39-debian-0.1.43-2.el8pc.noarch.rpm\npython39-defusedxml-0.7.1-3.el8pc.noarch.rpm\npython39-diff-match-patch-20200713-3.el8pc.noarch.rpm\npython39-distro-1.6.0-3.el8pc.noarch.rpm\npython39-django-3.2.14-2.el8pc.noarch.rpm\npython39-django-currentuser-0.5.3-5.el8pc.noarch.rpm\npython39-django-filter-21.1-3.el8pc.noarch.rpm\npython39-django-guardian-2.4.0-5.el8pc.noarch.rpm\npython39-django-guid-3.2.2-1.el8pc.noarch.rpm\npython39-django-import-export-2.7.1-6.el8pc.noarch.rpm\npython39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm\npython39-django-prometheus-2.1.0-3.el8pc.noarch.rpm\npython39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm\npython39-djangorestframework-3.13.1-2.el8pc.noarch.rpm\npython39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm\npython39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm\npython39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm\npython39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm\npython39-dynaconf-3.1.7-4.el8pc.noarch.rpm\npython39-ecdsa-0.14.1-2.el8pc.noarch.rpm\npython39-enrich-1.2.6-5.el8pc.noarch.rpm\npython39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm\npython39-flake8-3.9.2-5.el8pc.noarch.rpm\npython39-future-0.18.2-5.el8pc.noarch.rpm\npython39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm\npython39-gitdb-4.0.9-2.el8pc.noarch.rpm\npython39-gitpython-3.1.26-3.el8pc.noarch.rpm\npython39-gnupg-0.4.8-2.el8pc.noarch.rpm\npython39-gunicorn-20.1.0-5.el8pc.noarch.rpm\npython39-idna-3.3-2.el8pc.noarch.rpm\npython39-idna-ssl-1.1.0-5.el8pc.noarch.rpm\npython39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm\npython39-importlib-resources-5.4.0-4.el8pc.noarch.rpm\npython39-inflection-0.5.1-3.el8pc.noarch.rpm\npython39-iniparse-0.4-35.el8pc.noarch.rpm\npython39-jinja2-3.0.3-2.el8pc.noarch.rpm\npython39-jsonschema-4.6.0-4.el8pc.noarch.rpm\npython39-markdown-3.3.6-3.el8pc.noarch.rpm\npython39-markuppy-1.14-3.el8pc.noarch.rpm\npython39-mccabe-0.6.1-3.el8pc.noarch.rpm\npython39-naya-1.1.1-3.el8pc.noarch.rpm\npython39-odfpy-1.4.1-6.el8pc.noarch.rpm\npython39-openpyxl-3.0.9-2.el8pc.noarch.rpm\npython39-packaging-21.3-1.el8pc.noarch.rpm\npython39-parsley-1.3-2.el8pc.noarch.rpm\npython39-pbr-5.8.0-4.el8pc.noarch.rpm\npython39-productmd-1.33-3.el8pc.noarch.rpm\npython39-prometheus-client-0.8.0-3.el8pc.noarch.rpm\npython39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm\npython39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm\npython39-pulp-cli-0.14.0-4.el8pc.noarch.rpm\npython39-pulp-container-2.10.9-1.el8pc.noarch.rpm\npython39-pulp-deb-2.18.0-3.el8pc.noarch.rpm\npython39-pulp-file-1.10.2-2.el8pc.noarch.rpm\npython39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm\npython39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm\npython39-pulpcore-3.18.10-1.el8pc.noarch.rpm\npython39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm\npython39-pycodestyle-2.7.0-5.el8pc.noarch.rpm\npython39-pycparser-2.21-2.el8pc.noarch.rpm\npython39-pyflakes-2.3.1-5.el8pc.noarch.rpm\npython39-pygments-2.11.2-2.el8pc.noarch.rpm\npython39-pygtrie-2.4.2-3.el8pc.noarch.rpm\npython39-pyjwkest-1.4.2-6.el8pc.noarch.rpm\npython39-pyjwt-1.7.1-8.el8pc.noarch.rpm\npython39-pyparsing-2.4.7-3.el8pc.noarch.rpm\npython39-pytz-2021.3-2.el8pc.noarch.rpm\npython39-redis-3.5.3-3.el8pc.noarch.rpm\npython39-requests-2.27.1-2.el8pc.noarch.rpm\npython39-requirements-parser-0.2.0-3.el8pc.noarch.rpm\npython39-rich-10.12.0-3.el8pc.noarch.rpm\npython39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm\npython39-schema-0.7.5-2.el8pc.noarch.rpm\npython39-semantic-version-2.10.0-1.el8pc.noarch.rpm\npython39-six-1.16.0-2.el8pc.noarch.rpm\npython39-smmap-5.0.0-2.el8pc.noarch.rpm\npython39-sqlparse-0.4.2-3.el8pc.noarch.rpm\npython39-tablib-3.2.0-3.el8pc.noarch.rpm\npython39-tenacity-7.0.0-3.el8pc.noarch.rpm\npython39-toml-0.10.2-3.el8pc.noarch.rpm\npython39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm\npython39-uritemplate-4.1.1-2.el8pc.noarch.rpm\npython39-url-normalize-1.4.3-4.el8pc.noarch.rpm\npython39-urllib3-1.26.8-2.el8pc.noarch.rpm\npython39-urlman-1.4.0-3.el8pc.noarch.rpm\npython39-wcmatch-8.3-2.el8pc.noarch.rpm\npython39-webencodings-0.5.1-3.el8pc.noarch.rpm\npython39-whitenoise-6.0.0-1.el8pc.noarch.rpm\npython39-xlrd-2.0.1-5.el8pc.noarch.rpm\npython39-xlwt-1.3.0-3.el8pc.noarch.rpm\npython39-zipp-3.4.0-4.el8pc.noarch.rpm\nqpid-dispatch-tools-1.14.0-6.el8.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm\nrubygem-addressable-2.8.0-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-ancestry-3.0.7-2.el8sat.noarch.rpm\nrubygem-anemone-0.7.2-23.el8sat.noarch.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm\nrubygem-audited-4.9.0-4.el8sat.noarch.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm\nrubygem-builder-3.2.4-2.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm\nrubygem-colorize-0.8.1-2.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm\nrubygem-crass-1.0.6-2.el8sat.noarch.rpm\nrubygem-css_parser-1.4.7-5.el8sat.noarch.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm\nrubygem-deacon-1.0.0-5.el8sat.noarch.rpm\nrubygem-declarative-0.0.10-3.el8sat.noarch.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm\nrubygem-deface-1.5.3-3.el8sat.noarch.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-erubi-1.9.0-2.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-execjs-2.7.0-5.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm\nrubygem-fog-core-2.1.0-4.el8sat.noarch.rpm\nrubygem-fog-google-1.11.0-2.el8sat.noarch.rpm\nrubygem-fog-json-1.2.0-4.el8sat.noarch.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm\nrubygem-fog-ovirt-2.0.2-1.el8sat.noarch.rpm\nrubygem-fog-vsphere-3.5.2-1.el8sat.noarch.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm\nrubygem-foreman-tasks-6.0.3-1.el8sat.noarch.rpm\nrubygem-foreman_ansible-7.1.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_azure_rm-2.2.6-3.1.el8sat.noarch.rpm\nrubygem-foreman_bootdisk-19.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_discovery-21.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_hooks-0.3.17-3.el8sat.noarch.rpm\nrubygem-foreman_kubevirt-0.1.9-4.el8sat.noarch.rpm\nrubygem-foreman_leapp-0.1.10-2.1.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-foreman_openscap-5.2.2-2.el8sat.noarch.rpm\nrubygem-foreman_puppet-4.0.3-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-7.2.2-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-cockpit-7.2.2-1.el8sat.noarch.rpm\nrubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm\nrubygem-foreman_templates-9.3.0-1.1.el8sat.noarch.rpm\nrubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_virt_who_configure-0.5.9-1.el8sat.noarch.rpm\nrubygem-foreman_webhooks-3.0.4-1.el8sat.noarch.rpm\nrubygem-formatador-0.2.1-13.el8sat.noarch.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm\nrubygem-fx-0.5.0-2.el8sat.noarch.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm\nrubygem-git-1.11.0-1.el8sat.noarch.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm\nrubygem-globalid-0.4.2-2.el8sat.noarch.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm\nrubygem-googleauth-0.13.1-2.el8sat.noarch.rpm\nrubygem-graphql-1.8.14-3.el8sat.noarch.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-hocon-1.3.1-2.el8sat.noarch.rpm\nrubygem-http-3.3.0-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm\nrubygem-httpclient-2.8.3-4.el8sat.noarch.rpm\nrubygem-i18n-1.8.2-2.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-ipaddress-0.8.3-1.el8sat.noarch.rpm\nrubygem-jgrep-1.3.3-11.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-katello-4.5.0.20-1.el8sat.noarch.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-loofah-2.4.0-2.el8sat.noarch.rpm\nrubygem-mail-2.7.1-2.el8sat.noarch.rpm\nrubygem-marcel-1.0.1-1.el8sat.noarch.rpm\nrubygem-memoist-0.16.0-3.el8sat.noarch.rpm\nrubygem-method_source-0.9.2-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm\nrubygem-net-ping-2.0.1-5.el8sat.noarch.rpm\nrubygem-net-scp-1.2.1-5.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-optimist-3.0.0-3.el8sat.noarch.rpm\nrubygem-os-1.0.0-3.el8sat.noarch.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm\nrubygem-parallel-1.19.1-2.el8sat.noarch.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm\nrubygem-pulp_ansible_client-0.13.1-1.el8sat.noarch.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm\nrubygem-pulp_container_client-2.10.3-1.el8sat.noarch.rpm\nrubygem-pulp_deb_client-2.18.0-1.el8sat.noarch.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm\nrubygem-pulp_python_client-3.6.0-1.el8sat.noarch.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm\nrubygem-pulpcore_client-3.18.5-1.el8sat.noarch.rpm\nrubygem-puma-status-1.3-1.el8sat.noarch.rpm\nrubygem-quantile-0.2.0-5.el8sat.noarch.rpm\nrubygem-rabl-0.14.3-2.el8sat.noarch.rpm\nrubygem-rack-2.2.4-1.el8sat.noarch.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm\nrubygem-rack-test-1.1.0-5.el8sat.noarch.rpm\nrubygem-rails-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm\nrubygem-rails-html-sanitizer-1.4.3-2.el8sat.noarch.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm\nrubygem-railties-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rainbow-2.2.2-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm\nrubygem-rchardet-1.8.0-1.el8sat.noarch.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-redis-4.5.1-1.el8sat.noarch.rpm\nrubygem-representable-3.0.4-3.el8sat.noarch.rpm\nrubygem-responders-3.0.0-4.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-retriable-3.1.2-3.el8sat.noarch.rpm\nrubygem-roadie-3.4.0-4.el8sat.noarch.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm\nrubygem-robotex-1.0.0-22.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-runcible-2.13.1-2.el8sat.noarch.rpm\nrubygem-safemode-1.3.6-2.el8sat.noarch.rpm\nrubygem-scoped_search-4.1.10-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm\nrubygem-sequel-5.53.0-1.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm\nrubygem-signet-0.14.0-2.el8sat.noarch.rpm\nrubygem-sinatra-2.2.0-1.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-sprockets-4.0.2-2.el8sat.noarch.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm\nrubygem-sshkey-1.9.0-5.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-stomp-1.4.9-2.el8sat.noarch.rpm\nrubygem-thor-1.0.1-3.el8sat.noarch.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-timeliness-0.3.10-2.el8sat.noarch.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm\nrubygem-uber-0.1.0-3.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm\nsatellite-6.12.0-4.el8sat.noarch.rpm\nsatellite-cli-6.12.0-4.el8sat.noarch.rpm\nsatellite-common-6.12.0-4.el8sat.noarch.rpm\nsatellite-installer-6.12.0.5-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncjson-1.7.14-5.el8sat.x86_64.rpm\ncjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm\ncjson-debugsource-1.7.14-5.el8sat.x86_64.rpm\ncreaterepo_c-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\nmosquitto-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm\npostgresql-evr-0.0.2-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm\npython-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-4.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-aiohttp-3.8.1-3.el8pc.x86_64.rpm\npython39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm\npython39-brotli-1.0.9-2.el8pc.x86_64.rpm\npython39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm\npython39-cchardet-2.1.7-4.el8pc.x86_64.rpm\npython39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm\npython39-cffi-1.15.0-2.el8pc.x86_64.rpm\npython39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm\npython39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython39-cryptography-3.4.8-1.el8pc.x86_64.rpm\npython39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm\npython39-frozenlist-1.3.0-2.el8pc.x86_64.rpm\npython39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm\npython39-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython39-lxml-4.7.1-2.el8pc.x86_64.rpm\npython39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm\npython39-markupsafe-2.0.1-3.el8pc.x86_64.rpm\npython39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm\npython39-multidict-6.0.2-2.el8pc.x86_64.rpm\npython39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm\npython39-psycopg2-2.9.3-2.el8pc.x86_64.rpm\npython39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm\npython39-pycairo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycares-4.1.2-2.el8pc.x86_64.rpm\npython39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm\npython39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm\npython39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm\npython39-pygobject-3.40.1-3.el8pc.x86_64.rpm\npython39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm\npython39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm\npython39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm\npython39-pyyaml-5.4.1-4.el8pc.x86_64.rpm\npython39-rhsm-1.19.2-3.el8pc.x86_64.rpm\npython39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm\npython39-solv-0.7.22-4.el8pc.x86_64.rpm\npython39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-yarl-1.7.2-2.el8pc.x86_64.rpm\npython39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-facter-4.0.51-2.el8sat.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-puma-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-4.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncjson-1.7.14-5.el8sat.src.rpm\ncreaterepo_c-0.20.1-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.3.0.17-1.el8sat.src.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.3.0.8-1.el8sat.src.rpm\nforeman-proxy-3.3.0-1.el8sat.src.rpm\nkatello-4.5.0-1.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nlibcomps-0.1.18-4.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-4.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\nmosquitto-2.0.14-1.el8sat.src.rpm\npulpcore-selinux-1.3.2-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-3.el8pc.src.rpm\npython-aiofiles-0.8.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-3.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm\npython-aioredis-2.0.1-2.el8pc.src.rpm\npython-aiosignal-1.2.0-2.el8pc.src.rpm\npython-ansible-builder-1.0.1-4.el8pc.src.rpm\npython-asgiref-3.5.0-2.el8pc.src.rpm\npython-async-lru-1.0.2-3.el8pc.src.rpm\npython-async-timeout-4.0.2-2.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-3.el8pc.src.rpm\npython-attrs-21.4.0-2.el8pc.src.rpm\npython-backoff-1.11.1-2.el8pc.src.rpm\npython-bindep-2.10.2-4.el8pc.src.rpm\npython-bleach-3.3.1-2.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-3.el8pc.src.rpm\npython-bracex-2.2.1-2.el8pc.src.rpm\npython-brotli-1.0.9-2.el8pc.src.rpm\npython-cchardet-2.1.7-4.el8pc.src.rpm\npython-certifi-2020.6.20-3.el8pc.src.rpm\npython-cffi-1.15.0-2.el8pc.src.rpm\npython-chardet-4.0.0-2.el8pc.src.rpm\npython-charset-normalizer-2.0.11-4.el8pc.src.rpm\npython-click-8.0.3-2.el8pc.src.rpm\npython-click-shell-2.1-3.el8pc.src.rpm\npython-colorama-0.4.4-3.el8pc.src.rpm\npython-commonmark-0.9.1-5.el8pc.src.rpm\npython-contextlib2-21.6.0-3.el8pc.src.rpm\npython-cryptography-3.4.8-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-3.el8pc.src.rpm\npython-dateutil-2.8.2-2.el8pc.src.rpm\npython-debian-0.1.43-2.el8pc.src.rpm\npython-defusedxml-0.7.1-3.el8pc.src.rpm\npython-diff-match-patch-20200713-3.el8pc.src.rpm\npython-distro-1.6.0-3.el8pc.src.rpm\npython-django-3.2.14-2.el8pc.src.rpm\npython-django-currentuser-0.5.3-5.el8pc.src.rpm\npython-django-filter-21.1-3.el8pc.src.rpm\npython-django-guardian-2.4.0-5.el8pc.src.rpm\npython-django-guid-3.2.2-1.el8pc.src.rpm\npython-django-import-export-2.7.1-6.el8pc.src.rpm\npython-django-lifecycle-0.9.6-3.el8pc.src.rpm\npython-django-prometheus-2.1.0-3.el8pc.src.rpm\npython-django-readonly-field-1.1.1-3.el8pc.src.rpm\npython-djangorestframework-3.13.1-2.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm\npython-drf-access-policy-1.1.0-3.el8pc.src.rpm\npython-drf-nested-routers-0.93.4-3.el8pc.src.rpm\npython-drf-spectacular-0.21.2-2.el8pc.src.rpm\npython-dynaconf-3.1.7-4.el8pc.src.rpm\npython-ecdsa-0.14.1-2.el8pc.src.rpm\npython-enrich-1.2.6-5.el8pc.src.rpm\npython-et-xmlfile-1.1.0-2.el8pc.src.rpm\npython-flake8-3.9.2-5.el8pc.src.rpm\npython-frozenlist-1.3.0-2.el8pc.src.rpm\npython-future-0.18.2-5.el8pc.src.rpm\npython-galaxy-importer-0.4.5-1.el8pc.src.rpm\npython-gitdb-4.0.9-2.el8pc.src.rpm\npython-gitpython-3.1.26-3.el8pc.src.rpm\npython-gnupg-0.4.8-2.el8pc.src.rpm\npython-gunicorn-20.1.0-5.el8pc.src.rpm\npython-idna-3.3-2.el8pc.src.rpm\npython-idna-ssl-1.1.0-5.el8pc.src.rpm\npython-importlib-metadata-4.10.1-2.el8pc.src.rpm\npython-importlib-resources-5.4.0-4.el8pc.src.rpm\npython-inflection-0.5.1-3.el8pc.src.rpm\npython-iniparse-0.4-35.el8pc.src.rpm\npython-jinja2-3.0.3-2.el8pc.src.rpm\npython-jsonschema-4.6.0-4.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-2.el8pc.src.rpm\npython-markdown-3.3.6-3.el8pc.src.rpm\npython-markuppy-1.14-3.el8pc.src.rpm\npython-markupsafe-2.0.1-3.el8pc.src.rpm\npython-mccabe-0.6.1-3.el8pc.src.rpm\npython-multidict-6.0.2-2.el8pc.src.rpm\npython-naya-1.1.1-3.el8pc.src.rpm\npython-odfpy-1.4.1-6.el8pc.src.rpm\npython-openpyxl-3.0.9-2.el8pc.src.rpm\npython-packaging-21.3-1.el8pc.src.rpm\npython-parsley-1.3-2.el8pc.src.rpm\npython-pbr-5.8.0-4.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-3.el8pc.src.rpm\npython-prometheus-client-0.8.0-3.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.3-2.el8pc.src.rpm\npython-pulp-ansible-0.13.2-2.el8pc.src.rpm\npython-pulp-certguard-1.5.2-3.el8pc.src.rpm\npython-pulp-cli-0.14.0-4.el8pc.src.rpm\npython-pulp-container-2.10.9-1.el8pc.src.rpm\npython-pulp-deb-2.18.0-3.el8pc.src.rpm\npython-pulp-file-1.10.2-2.el8pc.src.rpm\npython-pulp-rpm-3.18.7-1.el8pc.src.rpm\npython-pulpcore-3.18.10-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-3.el8pc.src.rpm\npython-pycairo-1.20.1-3.el8pc.src.rpm\npython-pycares-4.1.2-2.el8pc.src.rpm\npython-pycodestyle-2.7.0-5.el8pc.src.rpm\npython-pycparser-2.21-2.el8pc.src.rpm\npython-pycryptodomex-3.14.1-2.el8pc.src.rpm\npython-pyflakes-2.3.1-5.el8pc.src.rpm\npython-pygments-2.11.2-2.el8pc.src.rpm\npython-pygobject-3.40.1-3.el8pc.src.rpm\npython-pygtrie-2.4.2-3.el8pc.src.rpm\npython-pyjwkest-1.4.2-6.el8pc.src.rpm\npython-pyjwt-1.7.1-8.el8pc.src.rpm\npython-pyparsing-2.4.7-3.el8pc.src.rpm\npython-pyrsistent-0.18.1-2.el8pc.src.rpm\npython-pytz-2021.3-2.el8pc.src.rpm\npython-pyyaml-5.4.1-4.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-3.el8pc.src.rpm\npython-requests-2.27.1-2.el8pc.src.rpm\npython-requirements-parser-0.2.0-3.el8pc.src.rpm\npython-rhsm-1.19.2-3.el8pc.src.rpm\npython-rich-10.12.0-3.el8pc.src.rpm\npython-ruamel-yaml-0.17.20-2.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm\npython-schema-0.7.5-2.el8pc.src.rpm\npython-semantic-version-2.10.0-1.el8pc.src.rpm\npython-six-1.16.0-2.el8pc.src.rpm\npython-smmap-5.0.0-2.el8pc.src.rpm\npython-sqlparse-0.4.2-3.el8pc.src.rpm\npython-tablib-3.2.0-3.el8pc.src.rpm\npython-tenacity-7.0.0-3.el8pc.src.rpm\npython-toml-0.10.2-3.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-2.el8pc.src.rpm\npython-uritemplate-4.1.1-2.el8pc.src.rpm\npython-url-normalize-1.4.3-4.el8pc.src.rpm\npython-urllib3-1.26.8-2.el8pc.src.rpm\npython-urlman-1.4.0-3.el8pc.src.rpm\npython-wcmatch-8.3-2.el8pc.src.rpm\npython-webencodings-0.5.1-3.el8pc.src.rpm\npython-whitenoise-6.0.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-5.el8pc.src.rpm\npython-xlwt-1.3.0-3.el8pc.src.rpm\npython-yarl-1.7.2-2.el8pc.src.rpm\npython-zipp-3.4.0-4.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rack-2.2.4-1.el8sat.src.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-sequel-5.53.0-1.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sinatra-2.2.0-1.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\nsatellite-installer-6.12.0.5-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-4.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm\nforeman-debug-3.3.0.17-1.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-installer-3.3.0.8-1.el8sat.noarch.rpm\nforeman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm\nforeman-proxy-3.3.0-1.el8sat.noarch.rpm\nforeman-proxy-content-4.5.0-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.3.0-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.5.0-1.el8sat.noarch.rpm\nkatello-debug-4.5.0-1.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython39-aiodns-3.0.0-3.el8pc.noarch.rpm\npython39-aiofiles-0.8.0-2.el8pc.noarch.rpm\npython39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm\npython39-aioredis-2.0.1-2.el8pc.noarch.rpm\npython39-aiosignal-1.2.0-2.el8pc.noarch.rpm\npython39-ansible-builder-1.0.1-4.el8pc.noarch.rpm\npython39-asgiref-3.5.0-2.el8pc.noarch.rpm\npython39-async-lru-1.0.2-3.el8pc.noarch.rpm\npython39-async-timeout-4.0.2-2.el8pc.noarch.rpm\npython39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm\npython39-attrs-21.4.0-2.el8pc.noarch.rpm\npython39-backoff-1.11.1-2.el8pc.noarch.rpm\npython39-bindep-2.10.2-4.el8pc.noarch.rpm\npython39-bleach-3.3.1-2.el8pc.noarch.rpm\npython39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm\npython39-bracex-2.2.1-2.el8pc.noarch.rpm\npython39-certifi-2020.6.20-3.el8pc.noarch.rpm\npython39-chardet-4.0.0-2.el8pc.noarch.rpm\npython39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm\npython39-click-8.0.3-2.el8pc.noarch.rpm\npython39-click-shell-2.1-3.el8pc.noarch.rpm\npython39-colorama-0.4.4-3.el8pc.noarch.rpm\npython39-commonmark-0.9.1-5.el8pc.noarch.rpm\npython39-contextlib2-21.6.0-3.el8pc.noarch.rpm\npython39-dataclasses-0.8-3.el8pc.noarch.rpm\npython39-dateutil-2.8.2-2.el8pc.noarch.rpm\npython39-debian-0.1.43-2.el8pc.noarch.rpm\npython39-defusedxml-0.7.1-3.el8pc.noarch.rpm\npython39-diff-match-patch-20200713-3.el8pc.noarch.rpm\npython39-distro-1.6.0-3.el8pc.noarch.rpm\npython39-django-3.2.14-2.el8pc.noarch.rpm\npython39-django-currentuser-0.5.3-5.el8pc.noarch.rpm\npython39-django-filter-21.1-3.el8pc.noarch.rpm\npython39-django-guardian-2.4.0-5.el8pc.noarch.rpm\npython39-django-guid-3.2.2-1.el8pc.noarch.rpm\npython39-django-import-export-2.7.1-6.el8pc.noarch.rpm\npython39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm\npython39-django-prometheus-2.1.0-3.el8pc.noarch.rpm\npython39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm\npython39-djangorestframework-3.13.1-2.el8pc.noarch.rpm\npython39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm\npython39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm\npython39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm\npython39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm\npython39-dynaconf-3.1.7-4.el8pc.noarch.rpm\npython39-ecdsa-0.14.1-2.el8pc.noarch.rpm\npython39-enrich-1.2.6-5.el8pc.noarch.rpm\npython39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm\npython39-flake8-3.9.2-5.el8pc.noarch.rpm\npython39-future-0.18.2-5.el8pc.noarch.rpm\npython39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm\npython39-gitdb-4.0.9-2.el8pc.noarch.rpm\npython39-gitpython-3.1.26-3.el8pc.noarch.rpm\npython39-gnupg-0.4.8-2.el8pc.noarch.rpm\npython39-gunicorn-20.1.0-5.el8pc.noarch.rpm\npython39-idna-3.3-2.el8pc.noarch.rpm\npython39-idna-ssl-1.1.0-5.el8pc.noarch.rpm\npython39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm\npython39-importlib-resources-5.4.0-4.el8pc.noarch.rpm\npython39-inflection-0.5.1-3.el8pc.noarch.rpm\npython39-iniparse-0.4-35.el8pc.noarch.rpm\npython39-jinja2-3.0.3-2.el8pc.noarch.rpm\npython39-jsonschema-4.6.0-4.el8pc.noarch.rpm\npython39-markdown-3.3.6-3.el8pc.noarch.rpm\npython39-markuppy-1.14-3.el8pc.noarch.rpm\npython39-mccabe-0.6.1-3.el8pc.noarch.rpm\npython39-naya-1.1.1-3.el8pc.noarch.rpm\npython39-odfpy-1.4.1-6.el8pc.noarch.rpm\npython39-openpyxl-3.0.9-2.el8pc.noarch.rpm\npython39-packaging-21.3-1.el8pc.noarch.rpm\npython39-parsley-1.3-2.el8pc.noarch.rpm\npython39-pbr-5.8.0-4.el8pc.noarch.rpm\npython39-productmd-1.33-3.el8pc.noarch.rpm\npython39-prometheus-client-0.8.0-3.el8pc.noarch.rpm\npython39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm\npython39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm\npython39-pulp-cli-0.14.0-4.el8pc.noarch.rpm\npython39-pulp-container-2.10.9-1.el8pc.noarch.rpm\npython39-pulp-deb-2.18.0-3.el8pc.noarch.rpm\npython39-pulp-file-1.10.2-2.el8pc.noarch.rpm\npython39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm\npython39-pulpcore-3.18.10-1.el8pc.noarch.rpm\npython39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm\npython39-pycodestyle-2.7.0-5.el8pc.noarch.rpm\npython39-pycparser-2.21-2.el8pc.noarch.rpm\npython39-pyflakes-2.3.1-5.el8pc.noarch.rpm\npython39-pygments-2.11.2-2.el8pc.noarch.rpm\npython39-pygtrie-2.4.2-3.el8pc.noarch.rpm\npython39-pyjwkest-1.4.2-6.el8pc.noarch.rpm\npython39-pyjwt-1.7.1-8.el8pc.noarch.rpm\npython39-pyparsing-2.4.7-3.el8pc.noarch.rpm\npython39-pytz-2021.3-2.el8pc.noarch.rpm\npython39-redis-3.5.3-3.el8pc.noarch.rpm\npython39-requests-2.27.1-2.el8pc.noarch.rpm\npython39-requirements-parser-0.2.0-3.el8pc.noarch.rpm\npython39-rich-10.12.0-3.el8pc.noarch.rpm\npython39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm\npython39-schema-0.7.5-2.el8pc.noarch.rpm\npython39-semantic-version-2.10.0-1.el8pc.noarch.rpm\npython39-six-1.16.0-2.el8pc.noarch.rpm\npython39-smmap-5.0.0-2.el8pc.noarch.rpm\npython39-sqlparse-0.4.2-3.el8pc.noarch.rpm\npython39-tablib-3.2.0-3.el8pc.noarch.rpm\npython39-tenacity-7.0.0-3.el8pc.noarch.rpm\npython39-toml-0.10.2-3.el8pc.noarch.rpm\npython39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm\npython39-uritemplate-4.1.1-2.el8pc.noarch.rpm\npython39-url-normalize-1.4.3-4.el8pc.noarch.rpm\npython39-urllib3-1.26.8-2.el8pc.noarch.rpm\npython39-urlman-1.4.0-3.el8pc.noarch.rpm\npython39-wcmatch-8.3-2.el8pc.noarch.rpm\npython39-webencodings-0.5.1-3.el8pc.noarch.rpm\npython39-whitenoise-6.0.0-1.el8pc.noarch.rpm\npython39-xlrd-2.0.1-5.el8pc.noarch.rpm\npython39-xlwt-1.3.0-3.el8pc.noarch.rpm\npython39-zipp-3.4.0-4.el8pc.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rack-2.2.4-1.el8sat.noarch.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-sequel-5.53.0-1.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sinatra-2.2.0-1.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nsatellite-capsule-6.12.0-4.el8sat.noarch.rpm\nsatellite-common-6.12.0-4.el8sat.noarch.rpm\nsatellite-installer-6.12.0.5-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncjson-1.7.14-5.el8sat.x86_64.rpm\ncjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm\ncjson-debugsource-1.7.14-5.el8sat.x86_64.rpm\ncreaterepo_c-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\nmosquitto-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm\npython-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-4.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-aiohttp-3.8.1-3.el8pc.x86_64.rpm\npython39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm\npython39-brotli-1.0.9-2.el8pc.x86_64.rpm\npython39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm\npython39-cchardet-2.1.7-4.el8pc.x86_64.rpm\npython39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm\npython39-cffi-1.15.0-2.el8pc.x86_64.rpm\npython39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm\npython39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython39-cryptography-3.4.8-1.el8pc.x86_64.rpm\npython39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm\npython39-frozenlist-1.3.0-2.el8pc.x86_64.rpm\npython39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm\npython39-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython39-lxml-4.7.1-2.el8pc.x86_64.rpm\npython39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm\npython39-markupsafe-2.0.1-3.el8pc.x86_64.rpm\npython39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm\npython39-multidict-6.0.2-2.el8pc.x86_64.rpm\npython39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm\npython39-psycopg2-2.9.3-2.el8pc.x86_64.rpm\npython39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm\npython39-pycairo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycares-4.1.2-2.el8pc.x86_64.rpm\npython39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm\npython39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm\npython39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm\npython39-pygobject-3.40.1-3.el8pc.x86_64.rpm\npython39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm\npython39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm\npython39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm\npython39-pyyaml-5.4.1-4.el8pc.x86_64.rpm\npython39-rhsm-1.19.2-3.el8pc.x86_64.rpm\npython39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm\npython39-solv-0.7.22-4.el8pc.x86_64.rpm\npython39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-yarl-1.7.2-2.el8pc.x86_64.rpm\npython39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nsatellite-clone-3.2.0-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nsatellite-clone-3.2.0-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nforeman-3.3.0.17-1.el8sat.src.rpm\npython-pulp_manifest-3.0.0-3.el8pc.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\n\nnoarch:\nforeman-cli-3.3.0.17-1.el8sat.noarch.rpm\npython39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nsatellite-cli-6.12.0-4.el8sat.noarch.rpm\n\nx86_64:\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-37136\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2022-22818\nhttps://access.redhat.com/security/cve/CVE-2022-24836\nhttps://access.redhat.com/security/cve/CVE-2022-25648\nhttps://access.redhat.com/security/cve/CVE-2022-29970\nhttps://access.redhat.com/security/cve/CVE-2022-32209\nhttps://access.redhat.com/security/cve/CVE-2022-34265\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY3UyKtzjgjWX9erEAQiOZQ//cSY/SZi9lHZWMyk7SFF/uo1T/lMIgLGz\n45VnNH0uR/+NowvtEK9Oz6V7o8IKD1RfKD8wtMeGh9ObiiY+wGstUuF2ulzxrWHr\n+paVkbfB/Yx62nqn4EovZ7RhcGCBN7ZO+OyhYo6MLejs/vvw9LYECh5qsvcTggBG\nqdCgO2xrxwEznoWA2iBqwCwHzX5rEx1shvRGnh6gjCnG/NJbg3w1QR0ko31Fqc3b\nDRIQL2CsfFlJTkfZN7996VjicMt6tsO4hcYFi3VaEvbWh3/R3z2MdGbqR9e0hbPF\ny1REALJ1kjoxaS26lDPaO9bwsP8PUyntl1MrmhPnnuqXuYduxAPOSXMFbfMosC3t\nwHK3ZA10LzReoHYrYxcv2V2L65+vOmT1Ss+P88TlLaw+iO1yITuxPRZf6EVVmmTK\nSoY0E9mmxybtGdb6izkM5ofk7tbLABHGZzqqRo8QbFbOJ3ffprqE3FrRM5JydNxT\n/DVUFNU+ntfBaCL81tuiuMDcRjVlNhKMCJEWnPQ9BIJ3oAwyxDT/49QCTSlbgDIs\nY820v73UDgRb7hOLKNg+YAek/lvuwwrrfyu8BaBft6XiUZg6rlPXPJdfCrNMV7BG\nnSg1E5LMCxn5ZDaspEnT+7RV1VpmgmWfxgi0yrKaLahVlxIRMMlppnfT4lCzplTT\nAltJZW6aeZM=vlQq\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data\n2129809 - CVE-2022-36944 scala: deserialization gadget chain\n2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution\n2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files\n2215229 - CVE-2023-2976 guava: insecure temporary directory creation\n2215393 - CVE-2023-34453 snappy-java: Integer overflow in shuffle leads to DoS\n2215394 - CVE-2023-34454 snappy-java: Integer overflow in compress leads to DoS\n2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS\n2215465 - CVE-2023-33201 bouncycastle: potential blind LDAP injection attack using a self-signed certificate\n2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM\n2229295 - CVE-2023-3635 okio: GzipSource class improper exception handling\n2236340 - CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()\n2236341 - CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nENTMQST-5081 - [PROD] Create RHSA erratum for Streams 2.5.0\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37136"
},
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "VULMON",
"id": "CVE-2021-37136"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "174675"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-398972",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37136",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "166408",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169918",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167423",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170498",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164936",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167424",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165564",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165105",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167964",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167422",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-398972",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-37136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174675",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "VULMON",
"id": "CVE-2021-37136"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "174675"
},
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"id": "VAR-202110-1706",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:25:12.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: CVE-2021-37136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-37136"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"trust": 1.1,
"url": "https://github.com/netty/netty/security/advisories/ghsa-grg4-wf29-r9vv"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41269"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0853"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23437"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0853"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23913"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32209"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32209"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-34455"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34455"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-3635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-2976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34462"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-26048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-34454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-34453"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33201"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-33201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-26049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.5.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-34462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34453"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "VULMON",
"id": "CVE-2021-37136"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "174675"
},
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398972"
},
{
"db": "VULMON",
"id": "CVE-2021-37136"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "174675"
},
{
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-398972"
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288"
},
{
"date": "2022-03-23T15:52:53",
"db": "PACKETSTORM",
"id": "166408"
},
{
"date": "2022-06-07T15:14:53",
"db": "PACKETSTORM",
"id": "167423"
},
{
"date": "2022-05-12T15:55:09",
"db": "PACKETSTORM",
"id": "167142"
},
{
"date": "2022-11-17T13:22:43",
"db": "PACKETSTORM",
"id": "169918"
},
{
"date": "2023-09-15T13:53:16",
"db": "PACKETSTORM",
"id": "174675"
},
{
"date": "2021-10-19T15:15:07.697000",
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-398972"
},
{
"date": "2023-11-07T03:36:54.390000",
"db": "NVD",
"id": "CVE-2021-37136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169918"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-5128-06",
"sources": [
{
"db": "PACKETSTORM",
"id": "165286"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
}
],
"trust": 0.3
}
}
var-202103-1554
Vulnerability from variot
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. This vulnerability is CVE-2021-21295 It is a vulnerability caused by an incomplete fix.Information may be tampered with.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8 security update Advisory ID: RHSA-2021:2694-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:2694 Issue date: 2021-07-13 CVE Names: CVE-2021-3536 CVE-2021-21409 ==================================================================== 1. Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
netty: Request smuggling via content-length header (CVE-2021-21409)
-
wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20264 - GSS ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation JBEAP-20503 - GSS WFCORE-5185 - Update ProviderDefinition to use optimised service loading API JBEAP-20623 - GSS Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001 JBEAP-21180 - Tracker bug for the EAP 7.3.8 release for RHEL-8 JBEAP-21406 - GSS Upgrade Ironjacamar from 1.4.30.Final-redhat-00001 to 1.4.33.Final-redhat-00001 JBEAP-21421 - (7.3.z) Upgrade Infinispan from 9.4.22.Final-redhat-00001 to 9.4.23.Final-redhat-00001 JBEAP-21434 - (7.3.z) Upgrade wildfly-http-client from 1.0.26.Final-redhat-00001 to 1.0.28.Final-redhat-00001 JBEAP-21435 - (7.3.z) Upgrade Elytron from 1.10.12.Final-redhat-00001 to 1.10.13.Final-redhat-00001 JBEAP-21437 - (7.3.z) Upgrade netty from 4.1.60.Final to 4.1.63 JBEAP-21441 - (7.3.z) Upgrade Undertow from 2.0.35.SP1-redhat-00001 to 2.0.38.SP1-redhat-00001 JBEAP-21443 - (7.3.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001 JBEAP-21444 - (7.3.z) Upgrade wf-core from 10.1.20.Final-redhat-00001 to 10.1.21.Final-redhat-00001 JBEAP-21567 - GSS Upgrade HAL from 3.2.14.Final-redhat-00001 to 3.2.15.Final-redhat-00001 JBEAP-21582 - (7.3.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001 JBEAP-21739 - (7.3.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.6.3.Final-redhat-00001 JBEAP-21977 - SET Update product CP branch github template
- Package List:
Red Hat JBoss EAP 7.3 for BaseOS-8:
Source: eap7-elytron-web-1.6.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el8eap.src.rpm eap7-infinispan-9.4.23-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el8eap.src.rpm eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.38-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.8-1.GA_redhat_00001.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-http-client-1.0.28-1.Final_redhat_00001.1.el8eap.src.rpm
noarch: eap7-hal-console-3.2.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-netty-all-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.38-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-server-1.6.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-client-common-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYO2RMtzjgjWX9erEAQjW+A/9HWLlaHiO+DaKpGDmPHSmVqeMaFH1CYHa q+8rtsG66TOWU4HNV+nDQvbxR6sBB7i20calm3b8kRnTobtX/aVu+IyBHeqpfrYv uc8Bit2T+RkdZlKFrRSlkTukkT7+lGhPtmFqjqGQaM6uoUzFiG3qn0dLHCVWEwo0 cNhF2RZR8ahaYacq4Ifv9Df6lC36URNLoPOp1UOmPpEnglJDARWcw78kaVQc27mi ivIWDrj6rbWHY5obVSnENKlT6+e6M8hgyMTYJc47LthI/SjrOSnVzHQhdgw184yZ cG+hvN5odn/DyZIVc5MwlncHLYeuKT4c7Kvcxr0XvQOc8J9oRVOBHs3T4ApMc+Fh r20gyja8SbwoKMjgYsCHY8jtPsvRWCh2iLjKN9iPM/Mp1WEs1KsBVtOE+0XWMHEt KCxrAsDZjlB0KFz6cwp5GZq/h2gwx5tFkG8sFjeDtK+t2NnStbKBPocU8K9fMbdG cclTUoHC73KCHxN9xU6GHcX1ZP8EvlluQPs/Ay2WxWsT0ETKWNcD0YmeLbHaARgh pNIAkEZdORXxEfgLmt7Ug+gg3uwpegZrBnZJNqAJ/1gDV2FG1JDt9CdXmVdFwUw3 HBCpb86rrCmG3EVnswOS+uCFMGu1V5LMIx/6OoR+35O9DEHx3JXYiAiCUHrd9Kpr Y6NNd2219pM=Uht6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS
- ========================================================================== Ubuntu Security Notice USN-6049-1 April 28, 2023
netty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Netty.
Software Description: - netty: Java NIO client/server socket framework
Details:
It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612)
It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)
It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295, CVE-2021-21409)
It was discovered that Netty's Bzip2 decompression decoder did not limit the decompressed output data size. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)
It was discovered that Netty's Snappy frame decoder function did not limit chunk lengths. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. (CVE-2021-37137)
It was discovered that Netty did not properly handle control chars at the beginning and end of header names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)
It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881)
It was discovered that Netty did not validate header values under certain circumstances. A remote attacker could possibly use this issue to perform HTTP response splitting via malicious header values. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: libnetty-java 1:4.1.48-5ubuntu0.1
Ubuntu 22.04 LTS: libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1
Ubuntu 20.04 ESM: libnetty-java 1:4.1.45-1ubuntu0.1~esm1
Ubuntu 18.04 ESM: libnetty-java 1:4.1.7-4ubuntu0.1+esm2
Ubuntu 16.04 ESM: libnetty-java 1:4.0.34-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6049-1 CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
Package Information: https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1 https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1554",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "quarkus",
"scope": "lte",
"trust": 1.0,
"vendor": "quarkus",
"version": "1.13.7"
},
{
"model": "nosql database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.12"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2.0.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.3"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.61"
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.10"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "primavera gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking credit facilities process management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oncommand api services",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oracle banking corporate lending process management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "kudu",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "oracle communications messaging server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "netty",
"scope": null,
"trust": 0.8,
"vendor": "the netty",
"version": null
},
{
"model": "zookeeper",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.61",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.6.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "163922"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
}
],
"trust": 0.7
},
"cve": "CVE-2021-21409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-21409",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-379190",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-005193",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21409",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-21409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-379190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. This vulnerability is CVE-2021-21295 It is a vulnerability caused by an incomplete fix.Information may be tampered with. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8 security update\nAdvisory ID: RHSA-2021:2694-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2694\nIssue date: 2021-07-13\nCVE Names: CVE-2021-3536 CVE-2021-21409\n====================================================================\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.8 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* wildfly: XSS via admin console when creating roles in domain mode\n(CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20264 - [GSS](7.3.z) ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation\nJBEAP-20503 - [GSS](7.3.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API\nJBEAP-20623 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001\nJBEAP-21180 - Tracker bug for the EAP 7.3.8 release for RHEL-8\nJBEAP-21406 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.30.Final-redhat-00001 to 1.4.33.Final-redhat-00001\nJBEAP-21421 - (7.3.z) Upgrade Infinispan from 9.4.22.Final-redhat-00001 to 9.4.23.Final-redhat-00001\nJBEAP-21434 - (7.3.z) Upgrade wildfly-http-client from 1.0.26.Final-redhat-00001 to 1.0.28.Final-redhat-00001\nJBEAP-21435 - (7.3.z) Upgrade Elytron from 1.10.12.Final-redhat-00001 to 1.10.13.Final-redhat-00001\nJBEAP-21437 - (7.3.z) Upgrade netty from 4.1.60.Final to 4.1.63\nJBEAP-21441 - (7.3.z) Upgrade Undertow from 2.0.35.SP1-redhat-00001 to 2.0.38.SP1-redhat-00001\nJBEAP-21443 - (7.3.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001\nJBEAP-21444 - (7.3.z) Upgrade wf-core from 10.1.20.Final-redhat-00001 to 10.1.21.Final-redhat-00001\nJBEAP-21567 - [GSS](7.3.z) Upgrade HAL from 3.2.14.Final-redhat-00001 to 3.2.15.Final-redhat-00001\nJBEAP-21582 - (7.3.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001\nJBEAP-21739 - (7.3.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.6.3.Final-redhat-00001\nJBEAP-21977 - [SET](7.3.z) Update product CP branch github template\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-elytron-web-1.6.3-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hal-console-3.2.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el8eap.src.rpm\neap7-infinispan-9.4.23-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jberet-1.3.8-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el8eap.src.rpm\neap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.38-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.8-1.GA_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-http-client-1.0.28-1.Final_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-hal-console-3.2.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.20-3.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ironjacamar-validator-1.4.33-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-1.3.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-core-1.3.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-remoting-5.0.23-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-7.Final_redhat_00008.1.el8eap.noarch.rpm\neap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-netty-all-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.38-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-server-1.6.3-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.28-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.8-1.GA_redhat_00001.1.el8eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYO2RMtzjgjWX9erEAQjW+A/9HWLlaHiO+DaKpGDmPHSmVqeMaFH1CYHa\nq+8rtsG66TOWU4HNV+nDQvbxR6sBB7i20calm3b8kRnTobtX/aVu+IyBHeqpfrYv\nuc8Bit2T+RkdZlKFrRSlkTukkT7+lGhPtmFqjqGQaM6uoUzFiG3qn0dLHCVWEwo0\ncNhF2RZR8ahaYacq4Ifv9Df6lC36URNLoPOp1UOmPpEnglJDARWcw78kaVQc27mi\nivIWDrj6rbWHY5obVSnENKlT6+e6M8hgyMTYJc47LthI/SjrOSnVzHQhdgw184yZ\ncG+hvN5odn/DyZIVc5MwlncHLYeuKT4c7Kvcxr0XvQOc8J9oRVOBHs3T4ApMc+Fh\nr20gyja8SbwoKMjgYsCHY8jtPsvRWCh2iLjKN9iPM/Mp1WEs1KsBVtOE+0XWMHEt\nKCxrAsDZjlB0KFz6cwp5GZq/h2gwx5tFkG8sFjeDtK+t2NnStbKBPocU8K9fMbdG\ncclTUoHC73KCHxN9xU6GHcX1ZP8EvlluQPs/Ay2WxWsT0ETKWNcD0YmeLbHaARgh\npNIAkEZdORXxEfgLmt7Ug+gg3uwpegZrBnZJNqAJ/1gDV2FG1JDt9CdXmVdFwUw3\nHBCpb86rrCmG3EVnswOS+uCFMGu1V5LMIx/6OoR+35O9DEHx3JXYiAiCUHrd9Kpr\nY6NNd2219pM=Uht6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1775 - [release-5.2] Syslog output is serializing json incorrectly\nLOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing\nLOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]\nLOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode\n1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6\n1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate\n1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS\n1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression\n1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer\n1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS\n\n6. ==========================================================================\nUbuntu Security Notice USN-6049-1\nApril 28, 2023\n\nnetty vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 ESM\n- Ubuntu 18.04 ESM\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Netty. \n\nSoftware Description:\n- netty: Java NIO client/server socket framework\n\nDetails:\n\nIt was discovered that Netty\u0027s Zlib decoders did not limit memory\nallocations. A remote attacker could possibly use this issue to cause\nNetty to exhaust memory via malicious input, leading to a denial of\nservice. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. \n(CVE-2020-11612)\n\nIt was discovered that Netty created temporary files with excessive\npermissions. A local attacker could possibly use this issue to expose\nsensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu\n18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)\n\nIt was discovered that Netty did not properly validate content-length\nheaders. A remote attacker could possibly use this issue to smuggle\nrequests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,\nCVE-2021-21409)\n\nIt was discovered that Netty\u0027s Bzip2 decompression decoder did not limit\nthe decompressed output data size. A remote attacker could possibly use\nthis issue to cause Netty to exhaust memory via malicious input, leading\nto a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu\n20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)\n\nIt was discovered that Netty\u0027s Snappy frame decoder function did not limit\nchunk lengths. A remote attacker could possibly use this issue to cause\nNetty to exhaust memory via malicious input, leading to a denial of\nservice. (CVE-2021-37137)\n\nIt was discovered that Netty did not properly handle control chars at the\nbeginning and end of header names. A remote attacker could possibly use\nthis issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM,\nUbuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)\n\nIt was discovered that Netty could be made into an infinite recursion when\nparsing a malformed crafted message. A remote attacker could possibly use\nthis issue to cause Netty to crash, leading to a denial of service. This\nissue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-41881)\n\nIt was discovered that Netty did not validate header values under certain\ncircumstances. A remote attacker could possibly use this issue to perform\nHTTP response splitting via malicious header values. This issue only\naffected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu\n22.10. (CVE-2022-41915)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n libnetty-java 1:4.1.48-5ubuntu0.1\n\nUbuntu 22.04 LTS:\n libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1\n\nUbuntu 20.04 ESM:\n libnetty-java 1:4.1.45-1ubuntu0.1~esm1\n\nUbuntu 18.04 ESM:\n libnetty-java 1:4.1.7-4ubuntu0.1+esm2\n\nUbuntu 16.04 ESM:\n libnetty-java 1:4.0.34-1ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6049-1\n CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409,\n CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881,\n CVE-2022-41915\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1\nhttps://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21409"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "163922"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "172072"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21409",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163489",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163480",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167709",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163517",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163483",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162839",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163485",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-379190",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163922",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163713",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172072",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "163922"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"id": "VAR-202103-1554",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:49:40.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0July\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3cissues.flink.apache.org%3e"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.1
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 1.1,
"url": "https://github.com/netty/netty/security/advisories/ghsa-f256-j965-7f32"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"trust": 1.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-21295"
},
{
"trust": 1.1,
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"trust": 1.1,
"url": "https://github.com/netty/netty/security/advisories/ghsa-wm47-8v5p-wjpj"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3536"
},
{
"trust": 0.5,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29425"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3597"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3690"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3642"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3642"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28170"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6049-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "163922"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "163922"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"date": "2021-07-13T15:14:52",
"db": "PACKETSTORM",
"id": "163480"
},
{
"date": "2021-07-13T15:38:58",
"db": "PACKETSTORM",
"id": "163489"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2021-08-31T15:08:05",
"db": "PACKETSTORM",
"id": "163922"
},
{
"date": "2021-07-30T14:23:26",
"db": "PACKETSTORM",
"id": "163713"
},
{
"date": "2021-09-24T15:39:43",
"db": "PACKETSTORM",
"id": "164276"
},
{
"date": "2021-09-24T15:39:14",
"db": "PACKETSTORM",
"id": "164275"
},
{
"date": "2023-05-01T16:09:49",
"db": "PACKETSTORM",
"id": "172072"
},
{
"date": "2021-03-30T15:15:14.573000",
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2021-12-09T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-005193"
},
{
"date": "2023-11-07T03:30:00.920000",
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote, local",
"sources": [
{
"db": "PACKETSTORM",
"id": "172072"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-005193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "163480"
},
{
"db": "PACKETSTORM",
"id": "163489"
},
{
"db": "PACKETSTORM",
"id": "163713"
}
],
"trust": 0.3
}
}
var-202110-1705
Vulnerability from variot
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. Netty Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- Bugs fixed (https://bugzilla.redhat.com/):
1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties 1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up 1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists 1901304 - CVE-2020-27782 undertow: special character in query results in server errors 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation 1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack 1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library 1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate 1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter 1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server 1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS 1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
- ========================================================================== Ubuntu Security Notice USN-6049-1 April 28, 2023
netty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Netty.
Software Description: - netty: Java NIO client/server socket framework
Details:
It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612)
It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)
It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295, CVE-2021-21409)
It was discovered that Netty's Bzip2 decompression decoder did not limit the decompressed output data size. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. (CVE-2021-37137)
It was discovered that Netty did not properly handle control chars at the beginning and end of header names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)
It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881)
It was discovered that Netty did not validate header values under certain circumstances. A remote attacker could possibly use this issue to perform HTTP response splitting via malicious header values. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: libnetty-java 1:4.1.48-5ubuntu0.1
Ubuntu 22.04 LTS: libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1
Ubuntu 20.04 ESM: libnetty-java 1:4.1.45-1ubuntu0.1~esm1
Ubuntu 18.04 ESM: libnetty-java 1:4.1.7-4ubuntu0.1+esm2
Ubuntu 16.04 ESM: libnetty-java 1:4.0.34-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6049-1 CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, CVE-2022-41915
Package Information: https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1 https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat AMQ Streams 2.4.0 release and security update Advisory ID: RHSA-2023:3223-01 Product: Red Hat AMQ Streams Advisory URL: https://access.redhat.com/errata/RHSA-2023:3223 Issue date: 2023-05-18 CVE Names: CVE-2020-36518 CVE-2021-0341 CVE-2021-37136 CVE-2021-37137 CVE-2021-46877 CVE-2022-24823 CVE-2022-36944 CVE-2022-40149 CVE-2022-40150 CVE-2022-42003 CVE-2022-42004 CVE-2023-0833 CVE-2023-1370 ==================================================================== 1. Summary:
Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
-
scala: deserialization gadget chain (CVE-2022-36944)
-
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
-
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
-
netty: world readable temporary file containing sensitive data (CVE-2022-24823)
-
jettison: parser crash by stackoverflow (CVE-2022-40149)
-
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
-
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
-
Red Hat A-MQ Streams: component version with information disclosure flaw (CVE-2023-0833)
-
jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data 2129809 - CVE-2022-36944 scala: deserialization gadget chain 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function 2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw 2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
- JIRA issues fixed (https://issues.jboss.org/):
ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGYRq9zjgjWX9erEAQjqlg/7BI+a1ZARPpg2cKgqsG9s+3qTV3xhHgrf PQjv6956eva9jcpz9B8E48y/LkaS3oO2oqBm//JTNzeEHyUsjLnNyMGkPrcn/f+h 5pUQp8fMN4Z2u1Fm0EqyZzzEstrfUYfC9IHeCg520h/9nj9gg6kmFATMQlu39HFR bFGQTN/q6SCH9SjzhrJdhGEt4ZFlHRKQKnzquONvfs63mSRutpIZLJddDcB3Cwbv sMQeW6VD6RgkaW9qt/DV1I2l34A0eeYaGJdGHdmTQFRGqx4AFFYIpT9IUxps0Lpf JDg2fu0wwhCl+uf8OCQALEb0EEvvKGd01Og9nPoh5TT7P8SUr6jpn27OyEj1gcv/ M8Mh7IyiyrS/AX7sdWn+THzw3DDswkW4o+cecUnFa6OsYNZA5xh1Bh5Iv5H+tb+G gAGtbRCutn4phyUZBZCg5eLp+PbRI5APKzGG+UaSreiAhUlw5OLp1pop3LEKFJXZ QJV30UprUxjOrOSkgr0PScgObVGg/ZH1qXIG7i2ckr0iHi2MkpywALvPvJ550CUh 6fiVtNuzrslkz+g2KMvSZRPpLSBGkuHI5ryIIByfV80GsQXamSNvRBqkU2Ak/LJm 9IKoFk7Qvc4Ndt/gFUfFYomYV+Oq6Byhz+BlGd1dGVj7WQnR+wlzluSxfKX1LhOI G4L7Lgc41F0=lqyN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5316-1 security@debian.org https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq
Package : netty CVE ID : CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881 CVE-2022-41915 Debian Bug : 1027180 1014769 1001437
Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.
For the stable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u1.
We recommend that you upgrade your netty packages.
For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/OTVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeREBA//QmQrVlx87/n7z5FISY20tNkSxAI3/Xqx9IB/ldRLUw8xcttHoDV13H4K JFKuEP6bdZzdzxXCcYGqNlXPjMJqbH6KIEmjIbCthsnbQfNzSXm86eqeZWl33kEG QA1buF47PeyRzuW93JmS+XpjjOWaXA4/MmP14wOqHyu/sorRc4aN5R0/ea+cUSW4 a7Zvb/m/gM5dLm1m88do5oBgJsynZM0fCfLi/Lz2vvSKKap/DJaCcK9sjvyzCRlb 8OqtE+B5eejUIGcBF2TD5BZiZLY5ZIqPBEUZO5g+WMnPRWNUaU/lYqKuTPPlU72A ZUeysGlAyhbPueEd5cIXG7jYUt07VRUFixinXHukhErzWtQU28mY7mA50If+wabO 9Pj/6/76St0XFWWxRNPYFCXeM7oSNdvC8DA7oNahpBMDSP/bJSc+sDdwjp41PjKj zKKHraQMtOCDOWmqeWJUfUdqVa2ptSjUZ/oGBsW4CUkesoS03YAAtGasxlpfhR2o 43V0e7/9YmiBI1ZkpqIZ4vU7siqE6NzCMmvdtYaTQD66P0CJ3FCC/OdSdKSRp0HN Z45D6hUUZdJLJrO8gGfLfZo9aABTlOSuRUcdHLBqOVUUjz7wqlQHH2d63ytf9X93 ATsBST3G5fY5ssKcyxHFtDAsqgbokkCLJ0D7TFM4cY+E7ywpq+I= =jx2O -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.2"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.68"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "quarkus",
"scope": "lt",
"trust": 1.0,
"vendor": "quarkus",
"version": "2.2.4"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications brm - elastic charging engine",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.6"
},
{
"model": "oracle communications cloud native core binding support function",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oncommand insight",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oracle banking apis",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle commerce guided search",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking digital experience",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "netty",
"scope": null,
"trust": 0.8,
"vendor": "the netty",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications diameter signaling router",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "quarkus",
"scope": null,
"trust": 0.8,
"vendor": "quarkus",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.68",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "172453"
}
],
"trust": 0.5
},
"cve": "CVE-2021-37137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-37137",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-398973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-37137",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-37137",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398973",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. Netty Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1739497 - CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties\n1802531 - CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1887648 - CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up\n1898907 - CVE-2020-26217 XStream: remote code execution due to insecure XML deserialization when relying on blocklists\n1901304 - CVE-2020-27782 undertow: special character in query results in server errors\n1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation\n1904221 - CVE-2020-17527 tomcat: HTTP/2 request header mix-up\n1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1922102 - CVE-2021-23926 xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack\n1922123 - CVE-2020-17521 groovy: OS temporary directory leads to information disclosure\n1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads\n1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception\n1933808 - CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1939839 - CVE-2021-27568 json-smart: uncaught exception may lead to crash or information disclosure\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents\n1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF\n1946341 - CVE-2021-22696 cxf: OAuth 2 authorization service vulnerable to DDos attacks\n1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode\n1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6\n1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library\n1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate\n1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS\n1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory\n1973392 - CVE-2021-30468 CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter\n1974854 - CVE-2021-22118 spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application\n1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout\n1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS\n1981527 - CVE-2021-30129 mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server\n1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS\n1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\nLOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard\nLOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1]\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. ==========================================================================\nUbuntu Security Notice USN-6049-1\nApril 28, 2023\n\nnetty vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 ESM\n- Ubuntu 18.04 ESM\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Netty. \n\nSoftware Description:\n- netty: Java NIO client/server socket framework\n\nDetails:\n\nIt was discovered that Netty\u0027s Zlib decoders did not limit memory\nallocations. A remote attacker could possibly use this issue to cause\nNetty to exhaust memory via malicious input, leading to a denial of\nservice. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. \n(CVE-2020-11612)\n\nIt was discovered that Netty created temporary files with excessive\npermissions. A local attacker could possibly use this issue to expose\nsensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu\n18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)\n\nIt was discovered that Netty did not properly validate content-length\nheaders. A remote attacker could possibly use this issue to smuggle\nrequests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295,\nCVE-2021-21409)\n\nIt was discovered that Netty\u0027s Bzip2 decompression decoder did not limit\nthe decompressed output data size. A remote attacker could possibly use\nthis issue to cause Netty to exhaust memory via malicious input, leading\nto a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu\n20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. A remote attacker could possibly use this issue to cause\nNetty to exhaust memory via malicious input, leading to a denial of\nservice. (CVE-2021-37137)\n\nIt was discovered that Netty did not properly handle control chars at the\nbeginning and end of header names. A remote attacker could possibly use\nthis issue to smuggle requests. This issue only affected Ubuntu 18.04 ESM,\nUbuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)\n\nIt was discovered that Netty could be made into an infinite recursion when\nparsing a malformed crafted message. A remote attacker could possibly use\nthis issue to cause Netty to crash, leading to a denial of service. This\nissue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-41881)\n\nIt was discovered that Netty did not validate header values under certain\ncircumstances. A remote attacker could possibly use this issue to perform\nHTTP response splitting via malicious header values. This issue only\naffected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu\n22.10. (CVE-2022-41915)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n libnetty-java 1:4.1.48-5ubuntu0.1\n\nUbuntu 22.04 LTS:\n libnetty-java 1:4.1.48-4+deb11u1build0.22.04.1\n\nUbuntu 20.04 ESM:\n libnetty-java 1:4.1.45-1ubuntu0.1~esm1\n\nUbuntu 18.04 ESM:\n libnetty-java 1:4.1.7-4ubuntu0.1+esm2\n\nUbuntu 16.04 ESM:\n libnetty-java 1:4.0.34-1ubuntu0.1~esm1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6049-1\n CVE-2020-11612, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409,\n CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881,\n CVE-2022-41915\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1\nhttps://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat AMQ Streams 2.4.0 release and security update\nAdvisory ID: RHSA-2023:3223-01\nProduct: Red Hat AMQ Streams\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:3223\nIssue date: 2023-05-18\nCVE Names: CVE-2020-36518 CVE-2021-0341 CVE-2021-37136\n CVE-2021-37137 CVE-2021-46877 CVE-2022-24823\n CVE-2022-36944 CVE-2022-40149 CVE-2022-40150\n CVE-2022-42003 CVE-2022-42004 CVE-2023-0833\n CVE-2023-1370\n====================================================================\n1. Summary:\n\nRed Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red\nHat AMQ Streams 2.3.0, and includes security and bug fixes, and\nenhancements. \n\nSecurity Fix(es):\n\n* scala: deserialization gadget chain (CVE-2022-36944)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart\n(Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* okhttp: information disclosure via improperly used cryptographic function\n(CVE-2021-0341)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize\nJsonNode (CVE-2021-46877)\n\n* netty: world readable temporary file containing sensitive data\n(CVE-2022-24823)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* Red Hat A-MQ Streams: component version with information disclosure flaw\n(CVE-2023-0833)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data\n2129809 - CVE-2022-36944 scala: deserialization gadget chain\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data\n2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow\n2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function\n2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw\n2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode\n2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state\nENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGYRq9zjgjWX9erEAQjqlg/7BI+a1ZARPpg2cKgqsG9s+3qTV3xhHgrf\nPQjv6956eva9jcpz9B8E48y/LkaS3oO2oqBm//JTNzeEHyUsjLnNyMGkPrcn/f+h\n5pUQp8fMN4Z2u1Fm0EqyZzzEstrfUYfC9IHeCg520h/9nj9gg6kmFATMQlu39HFR\nbFGQTN/q6SCH9SjzhrJdhGEt4ZFlHRKQKnzquONvfs63mSRutpIZLJddDcB3Cwbv\nsMQeW6VD6RgkaW9qt/DV1I2l34A0eeYaGJdGHdmTQFRGqx4AFFYIpT9IUxps0Lpf\nJDg2fu0wwhCl+uf8OCQALEb0EEvvKGd01Og9nPoh5TT7P8SUr6jpn27OyEj1gcv/\nM8Mh7IyiyrS/AX7sdWn+THzw3DDswkW4o+cecUnFa6OsYNZA5xh1Bh5Iv5H+tb+G\ngAGtbRCutn4phyUZBZCg5eLp+PbRI5APKzGG+UaSreiAhUlw5OLp1pop3LEKFJXZ\nQJV30UprUxjOrOSkgr0PScgObVGg/ZH1qXIG7i2ckr0iHi2MkpywALvPvJ550CUh\n6fiVtNuzrslkz+g2KMvSZRPpLSBGkuHI5ryIIByfV80GsQXamSNvRBqkU2Ak/LJm\n9IKoFk7Qvc4Ndt/gFUfFYomYV+Oq6Byhz+BlGd1dGVj7WQnR+wlzluSxfKX1LhOI\nG4L7Lgc41F0=lqyN\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5316-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nJanuary 11, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : netty\nCVE ID : CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-41881\n CVE-2022-41915\nDebian Bug : 1027180 1014769 1001437\n\nSeveral out-of-memory, stack overflow or HTTP request smuggling vulnerabilities\nhave been discovered in Netty, a Java NIO client/server socket framework, which\nmay allow attackers to cause a denial of service or bypass restrictions when\nused as a proxy. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:4.1.48-4+deb11u1. \n\nWe recommend that you upgrade your netty packages. \n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/OTVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeREBA//QmQrVlx87/n7z5FISY20tNkSxAI3/Xqx9IB/ldRLUw8xcttHoDV13H4K\nJFKuEP6bdZzdzxXCcYGqNlXPjMJqbH6KIEmjIbCthsnbQfNzSXm86eqeZWl33kEG\nQA1buF47PeyRzuW93JmS+XpjjOWaXA4/MmP14wOqHyu/sorRc4aN5R0/ea+cUSW4\na7Zvb/m/gM5dLm1m88do5oBgJsynZM0fCfLi/Lz2vvSKKap/DJaCcK9sjvyzCRlb\n8OqtE+B5eejUIGcBF2TD5BZiZLY5ZIqPBEUZO5g+WMnPRWNUaU/lYqKuTPPlU72A\nZUeysGlAyhbPueEd5cIXG7jYUt07VRUFixinXHukhErzWtQU28mY7mA50If+wabO\n9Pj/6/76St0XFWWxRNPYFCXeM7oSNdvC8DA7oNahpBMDSP/bJSc+sDdwjp41PjKj\nzKKHraQMtOCDOWmqeWJUfUdqVa2ptSjUZ/oGBsW4CUkesoS03YAAtGasxlpfhR2o\n43V0e7/9YmiBI1ZkpqIZ4vU7siqE6NzCMmvdtYaTQD66P0CJ3FCC/OdSdKSRp0HN\nZ45D6hUUZdJLJrO8gGfLfZo9aABTlOSuRUcdHLBqOVUUjz7wqlQHH2d63ytf9X93\nATsBST3G5fY5ssKcyxHFtDAsqgbokkCLJ0D7TFM4cY+E7ywpq+I=\n=jx2O\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37137"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "170498"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-398973",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37137",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "166408",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170498",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165564",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169918",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164936",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168657",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165980",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165105",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167423",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167964",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5013",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5422",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4029",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0747",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5991",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0168",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0195",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4253",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0644",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3847",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3870",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2799",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012310",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012753",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060838",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042284",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051235",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166093",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167424",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167422",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-398973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172072",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "170498"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"id": "VAR-202110-1705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:46:59.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"title": "Netty Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=167343"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"trust": 1.7,
"url": "https://github.com/netty/netty/security/advisories/ghsa-9vjp-v76f-g363"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3cdev.tinkerpop.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6522822"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042284"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-communications-vulnerabilities-of-january-2022-37289"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3847"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012753"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4029"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170498/debian-security-advisory-5316-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168657/red-hat-security-advisory-2022-6835-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165980/red-hat-security-advisory-2022-0520-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/netty-codec-overload-via-snappyframedecoder-38515"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5422"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012310"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2799"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165564/red-hat-security-advisory-2022-0138-06.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167423/red-hat-security-advisory-2022-4918-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6523820"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167142/red-hat-security-advisory-2022-2216-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165105/red-hat-security-advisory-2021-4851-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0195"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167964/red-hat-security-advisory-2022-5903-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060838"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0168"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4229"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166408/red-hat-security-advisory-2022-1013-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166093/red-hat-security-advisory-2022-0589-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164936/red-hat-security-advisory-2021-3959-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4253"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5991"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3870"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5013"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0747"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169918/red-hat-security-advisory-2022-8506-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051235"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0644"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5134"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41269"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41269"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/netty/1:4.1.48-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/netty/1:4.1.48-4+deb11u1build0.22.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6049-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0833"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0341"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/netty"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "170498"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398973"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "166408"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "PACKETSTORM",
"id": "172072"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "170498"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-398973"
},
{
"date": "2022-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"date": "2021-12-15T15:25:47",
"db": "PACKETSTORM",
"id": "165294"
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288"
},
{
"date": "2022-03-23T15:52:53",
"db": "PACKETSTORM",
"id": "166408"
},
{
"date": "2022-01-14T15:29:02",
"db": "PACKETSTORM",
"id": "165564"
},
{
"date": "2023-05-01T16:09:49",
"db": "PACKETSTORM",
"id": "172072"
},
{
"date": "2023-05-18T13:50:51",
"db": "PACKETSTORM",
"id": "172453"
},
{
"date": "2023-01-12T15:16:09",
"db": "PACKETSTORM",
"id": "170498"
},
{
"date": "2021-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"date": "2021-10-19T15:15:07.757000",
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-398973"
},
{
"date": "2022-09-28T08:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-013841"
},
{
"date": "2023-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1441"
},
{
"date": "2023-11-07T03:36:54.510000",
"db": "NVD",
"id": "CVE-2021-37137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1441"
}
],
"trust": 0.6
}
}
var-202103-1564
Vulnerability from variot
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (HttpRequest, HttpContent, etc.) via Http2StreamFrameToHttpObjectCodecand then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: HTTP2MultiplexCodec or Http2FrameCodec is used, Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20478 - (7.3.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4 JBEAP-20868 - Tracker bug for the EAP 7.3.7 release for RHEL-6 JBEAP-20927 - GSS Upgrade weld from 3.1.4.Final to 3.1.6.Final and weld-api to 3.1.0.SP3 JBEAP-20935 - GSS Upgrade generic jms from 2.0.8.Final-redhat-00001 to 2.0.9.Final-redhat-00001 JBEAP-20940 - (7.3.z) Upgrade WildFly Elytron from 1.10.11.Final-redhat-00001 to 1.10.12.Final-redhat-00001 JBEAP-21093 - [GSS] (7.3.z) Upgrade undertow from 2.0.34.SP1-redhat-00001 to 2.0.35.SP1-redhat-00001 JBEAP-21094 - (7.3.z) Upgrade WildFly Core from 10.1.18.Final-redhat-00001 to 10.1.19.Final-redhat-00001 JBEAP-21095 - GSS Upgrade HAL from 3.2.13.Final-redhat-00001 to 3.2.14.Final-redhat-00001 JBEAP-21096 - (7.3.z) (Core) Upgrade xalan from 2.7.1.jbossorg-2 to 2.7.1.jbossorg-5 JBEAP-21121 - (7.3.z) Upgrade wildfly-http-client from 1.0.25.Final-redhat-00001 to 1.0.26.Final-redhat-00001 JBEAP-21185 - GSS ISPN-12807 - Simple cache does not update eviction statistics JBEAP-21186 - GSS Upgrade Infinispan from 9.4.19.Final-redhat-00001 to 9.4.22.Final-redhat-00001 JBEAP-21193 - (7.3.z) Upgrade RESTEasy from 3.11.3.Final-redhat-00001 to 3.11.4.Final-redhat-00001 JBEAP-21196 - GSS Upgrade JBoss Marshalling from 2.0.10.Final to 2.0.11.Final JBEAP-21203 - GSS Upgrade jgroups-kubernetes from 1.0.13.Final to 1.0.16.Final JBEAP-21262 - GSS Upgrade yasson from 1.0.5.redhat-00001 to 1.0.9.redhat-00001 JBEAP-21279 - (7.3.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13 JBEAP-21312 - GSS Upgrade Ironjacamar from 1.4.27 to 1.4.30 JBEAP-21322 - GSS 7.3 Update 6 patch breaks samesite-cookie in Undertow JBEAP-21351 - (7.3.z) Upgrade WildFly Core from 10.1.19.Final-redhat-00001 to 10.1.20.Final-redhat-00001 JBEAP-21390 - (7.3.z) Upgrade Bouncy Castle from 1.68.0.redhat-00001 to 1.68.0.redhat-00005 JBEAP-21479 - (7.3.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00001 to 1.4.3.Final-redhat-00002
- Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Satellite 6.11 Release Advisory ID: RHSA-2022:5498-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:5498 Issue date: 2022-07-05 CVE Names: CVE-2021-3200 CVE-2021-3584 CVE-2021-4142 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-30151 CVE-2021-32839 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-41136 CVE-2021-42550 CVE-2021-43797 CVE-2021-43818 CVE-2021-44420 CVE-2021-44568 CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818 CVE-2022-23633 CVE-2022-23634 CVE-2022-23833 CVE-2022-23837 CVE-2022-28346 CVE-2022-28347 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.11
- Relevant releases/architectures:
Red Hat Satellite 6.11 for RHEL 7 - noarch, x86_64 Red Hat Satellite 6.11 for RHEL 8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200)
- satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584)
- candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142)
- candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
- candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
- candlepin: netty: Request smuggling via content-length header (CVE-2021-21409)
- tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151)
- python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839)
- libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938)
- tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136)
- logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550)
- candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
- python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
- python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420)
- libsolv: Heap overflow (CVE-2021-44568)
- python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818)
- tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633)
- tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634)
- python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833)
- tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837)
- python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
- New repo layout for Satellite, Utils, Maintenance, and Client repos.
- Support for RHEL 9 clients
- Module-based installation on RHEL 8
- Upgrading Satellite Server and Capsule Server installations from RHEL 7 to RHEL 8
- Connected and Disconnected servers supported on RHEL 7 and RHEL 8
- Inter-Server Synchronization improvements
- Puppet integration optional and disabled by default
- Pulp 3 updated to Python 3.8
- Change to Capsule certificate archive
- New default port for communication with Red Hat Subscription Management * (RHSM) API on Capsule servers
- New Content Views Page (Content Publication workflow simplification)
- New Hosts Page (Technology Preview)
- Registration and preview templates
- Simplified host content source changing
- Improved behavior for configuring and running remote jobs
- Provisioning improvements
- New error signaling unsupported options in TASK-Filter
- Virt-who configuration enhanced to support Nutanix AHV
- Cloud Connector configuration updated
- Improved Insights adoption
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
For Red Hat Satellite 6.11 see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11
The important instructions on how to upgrade are available below. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite
- Bugs fixed (https://bugzilla.redhat.com/):
1459231 - [RFE] Support 'cleaning' a repo of downloaded on_demand content
1473263 - Processing outputs of remote command on the smart-proxy is slow.
1545000 - [RFE] As a user of Satellite, I would like to use another Satellite as my CDN.
1596004 - Cannot register host with activationkey that is associated to host collections that have host count limits
1609543 - concurrently creating repositories causes most of them are not visible for consumer at the end
1659649 - [RFE] Shorten or handle "410 Gone" errors rather than printing a page-long trace for each
1662924 - [RFE] Report that lists all the hosts on which a particular repository is enabled
1685708 - Editing a host tries to inherit the operating system properties from it's host-group instead of the CV and Lifecycle Environment assigned
1693733 - ensure foreman-maintain works with RHEL8 Satellite & Capsules
1694659 - [RFE] Host Add-Parameter button should not float down page as new params are added.
1713401 - RHEL 8 systems with OSPP applied cannot install katello-ca-consumer package from Satellite 6.5
1723632 - When restarting foreman-tasks, long running tasks got forcefully killed after 20 seconds of wait.
1723751 - [RFE] Provide a script-like interface to task cleanup, preventing wrong values from being entered
1735540 - Virt-who-config for kubevirt does not support in API and hammer CLI
1744521 - There is no way to identify the overriden Ansible variables while creating or editing an existing host
1761421 - [RFE] Option to "skip-tags" on Ansible runs from Red Hat Satellite server.
1770075 - Snippet template may render incorrect result when non-default scope class is used to render the main template.
1771724 - Move Actions::Katello::Host::UploadPackageProfile out of dynflow
1777820 - [RFE] Make hammer-cli available for RHEL 8 systems
1784254 - Static recurring job failed to schedule on 2nd iteration if any of the target host record is invalid.
1805028 - Issue with hammer shell while using "--fields" parameter to display host info
1807258 - Cloned viewer role cannot view facts
1807536 - Parent Hostgroup hammer parameter accept only name, not title
1809769 - [RFE] support ability disable and remove puppetserver from Satellite and Capsules
1811166 - REX job failed when you enable FIPS on RHEL 8 hosts
1813624 - Consistent use of unlimited-host argument throughout CLI
1819309 - [RFE] Load balanced capsules without using sticky sessions
1825761 - Ansible Role execution reports do not show Ansible Icon
1832858 - [RFE] Exporting a content view does not exports the description assigned to the content view.
1844848 - [RFE] add "duration" column to tasks hammer and export
1845471 - exclude source redhat containers by default
1847825 - Incorrect text alignment for error message
1851808 - Unable to set ssh password and sudo password when creating a REX job using hammer
1852897 - API - ISE when using invalid status type
1862140 - ipv4/6 auto-suggested address should be removed when the different domain and subnet with ipv6/4 are selected
1867193 - Content Host Traces Management modal window does not respect selection done on the previously opened page
1869351 - [RFE] Add ability to omit specific hosts from rh_cloud inventory upload
1872688 - Remote execution will fail on client with FIPS enabled
1873241 - [RFE] When choosing what capsule to use for Remote Execution into a host, use the host's "Registered through" capsule
1877283 - [RFE] Request to use /etc/virt-who.conf as the default config file for virt-who plugin
1878049 - Cancel button should be enabled in the capsule sync until the job completions
1881668 - hammer user list --help has invalid --order example
1883612 - [RFE] - Needs Dot Bullet to distinguised environment for Composite Content View on Red Hat Satellite Web UI
1883816 - Appropriate error message to be shown when creating authsource with same name as existing authsource.
1886780 - [Sat 6.8/UI/Bug] Refresh icon doesn't go away
1893059 - Satellite 6.8 Remote Execution fails on RHEL 8.2 clients with DEFAULT:NO-SHA1 crypto policy
1896628 - Hammer Command Fails to List Job Invocation Details if Organization is Used
1898656 - [RFE] Include status of REX jobs on the Satellite Dashboard
1899481 - [RFE] - Tasks: Need Word Wrap for Long Commands
1902047 - [RFE] In the message "Repository cannot be deleted since it has already been included in a published Content View" , include the name of CV and it's versions
1902314 - [RFE] Introduce check-only or dry-run feature for any kind of Ansible based job execution from Satellite 6
1906023 - ssh debug logging on FIPS causes REX job failure with OpenSSL::Digest::DigestError
1907795 - Remove the MS Windows provisioning Templates from the RedHat Satellite 6
1910433 - REX is not possible on RHEL 8 when FUTURE crypto policy is set from Satellite 6.8
1911545 - Epoch version is missing from rpm Packages tab of Content View Version
1914803 - Some of the "filters" permission changed after the upgrade.
1915394 - [RFE] Adding an option to keep the ansible-runner files on Satellite.
1919146 - [RFE] Possibility for further tailoring with Compliance Viewer role
1920579 - The private bookmark status is not reflected correct in satellite GUI and we cannot make a private bookmark public through Red Hat Satellite GUI
1922872 - Autosearch is not working even if its enabled.
1923766 - Inconsistent time format on Sync Plans Details page
1924625 - Sync status showing never synced even though the repositories has been synced successfully
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1927532 - Large CRL file operation causes OOM error in Candlepin
1931489 - Timeout to kill settings in job execution is not honored when running an Ansible playbook
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937470 - hammer does not have a compute resource associate VMs command as web UI has
1940308 - [BUG] The / at the end of proxy url is not being handled by satellite correctly when trying to enable repositories
1942806 - AttributeError occured when run python 3 bootstrap.py on RHEL9.0 Alpha
1944802 - [RFE] List of all Enabled Repository of all the content hosts using Reporting Templates.
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1951626 - Validate Content Sync on bulk product produces error messages
1955385 - Privilege escalation defined inside ansible playbook tasks is not working when executing the playbook via Remote Execution in Satellite 6
1957070 - [RFE] add 'name' for the role filter in API
1957288 - [RFE] Add option in the satellite to upload/sync OVAL defination to evalute the rule (xccdf_org.ssgproject.content_rule_security_patches_up_to_date) when performing Compliance scan on the client registered with the Satellite server.
1958664 - [RFE]? Replace?bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords?in the Satellite.
1959691 - [Tuning] Tuning Puma in the predefined tuning profiles
1960228 - Template is written twice when resolving provisioning templates for a host
1962307 - CVE-2021-3200 libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c
1962410 - VMs Migrating are Losing ELS Subscriptions and Repos for RHEL 6
1962847 - foreman-rake katello:* fails with the error message The Dynflow world was not initialized yet
1964394 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
1965968 - Since Satellite 6.8 it's not possible to remove subscriptions from 'WebUI --> Content --> Subscriptions' page if the user doesn't have 'Setting' permissions.
1967319 - The /api/usergroups/:usergroup_id/external_usergroups API is not accepting 1-group as the name of usergroup
1968439 - CVE-2021-3584 foreman: Authenticate remote code execution through Sendmail configuration
1969748 - Hammer documentation for "hammer organization create --help" command has unnecessary and repeated description
1969992 - Exclude pulp-2to3-migration package from Satellite 7.0
1970482 - Discovery plugin ignores IPv6 when doing reboot/kexec/fetch facts
1972501 - After promoting the content view, Candlepin failed to mark the entitlement certificates as dirty
1973146 - [RFE] As a user I want to receive an email notification when a job I triggered fails
1974225 - Incremental CV update does not auto-publish CCV
1975321 - select all button selects recommendation for other organizations which fails remediation action(JobInvocation).
1978323 - [RFE]: Include curve25519sha256 support in Remote Execution
1978689 - [global registration] [hammer] - No proper alignment in host-registration generate-command -h command
1979092 - Capsule cname is reported as opposed to hostname
1979907 - [RFE] IPv6 fact is not being parsed for satellite hosts.
1980023 - satellite-installer times out during long running SQL DELETE transactions
1980166 - Too many libvirt connections from Satellite due to ssh connection leaks
1982970 - Fact updates causing unnecessary compliance recalculation in Candlepin
1988370 - [RFE] Support Nutanix AHV in the Satellite virt-who plugin
1992570 - Only Ansible config jobs should run in check mode
1992624 - Remote Execution fails to honor remote_execution_connect_by_ip override on host
1992698 - Store certain parts of dynflow data as msgpack
1994212 - Failed at scanning for repository: undefined method resolve_substitutions' for nil:NilClass
1994237 - Executing any foreman-rake commands shows 'ErbParser' and 'RubyParser' are ignored.
1994397 - Increased memory usage of pulp-3 workers during repo sync
1994679 - Host - Last Checkin report template is not showing any other content host apart from Red Hat Satellite itself.
1996803 - Grammatical errors with Insecure help text at Host Registration
1997575 - Lifecycle Environment tab flash OSTree & Docker details for a second then shows actual content path.
1997818 - "Login Page Footer Text" Blocking Login Button on Satellite UI
1998172 - Puppet classes and environment importer. documentation opens in same tab instead of a new one
1999604 - Unable to assign ansible roles to a host group via hammer/api with non-admin user
2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h
2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h
2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c
2000769 - pulp3: CV publishes with dependency solving and same source repos for copy are not concurrent
2002995 - hammer completion not working
2004016 - httpboot not working on GRUB version provided by RHEL7
2004158 - Sat 6.9.5: foreman-rake facts:clean aborts due to foreign key in database
2004234 - [RFE] Email notification after a job template execution completes.
2004335 - [RFE] API and Hammer functionality for Red Hat Access Insights in satellite 6
2005072 - CVE-2021-32839 python-sqlparse: ReDoS via regular expression in StripComments filter
2007655 - Authorization repository causing invalid upstream url
2008809 - Task is failing but still showing success state
2009049 - pulp_rpm: Basic-auth repository causing invalid upstream url
2009398 - hammer host interface update does not update remote execution setting
2010138 - Satellite doesn't forward the "If-Modified-Since" header for /accessible_content endpoint to Candlepin
2011062 - cockpit webconsole login fails when remote execution configured for kerberos
2013495 - CVE-2021-41136 rubygem-puma: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
2013503 - CVE-2021-30151 sidekiq: XSS via the queue name of the live-poll feature
2013837 - Improve REX error reporting when uploading script
2014037 - There is a new login account in satellite 6.9
2014244 - Remove Greedy DepSolving from UI
2014251 - Global Registration: Selecting Satellite URL as the proxy fails to register hosts with default config
2018263 - Using Satellite with a proxy produces an SELinux alert
2020329 - [RFE] Switch process output to DB
2021255 - Satellite schedules one recurring InventorySync::Async::InventoryScheduledSync per org but each task syncs all orgs, resulting in harmless but unnecessary tasks
2021352 - [RFE] One manifest version to cover all of Satellite 7
2021406 - syncing tens of repos to capsule can cause deadlock: while updating tuple (...) in relation "core_content"
2021985 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886
2022648 - please update to Satellite Ansible Collection 3.0.0
2023809 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column "subscription_id" contains null values
2024269 - Attempt of upgrading Satellite server to 6.7 or 6.8 stops with message "Please run 'foreman-maintain prep-6.10-upgrade' prior to upgrading." when using latest rubygem-foreman_maintain package
2024553 - Repository sync jobs are failing with the Exception "NoMethodError undefined methodrepository_href' for nil:NilClass" post upgrade to satellite version 6.10
2024889 - Syncing RHEL 5 KS repository fails with: " Artifact() got an unexpected keyword argument 'sha' "
2024894 - Unable to sync EPEL repositories on Satellite 6.10 when 'Mirror on Sync' is enabled
2024963 - Syncing EPEL repos on Satellite 6.10 fails with: "Incoming and existing advisories have the same id but different timestamps and non-intersecting package lists.."
2024978 - Satellite upgrade to 6.10.1 fails with multiple rubygem-sinatra package dependency errors
2024986 - CV publish fails with: No route matches {:action=>"show", :controller=>"foreman_tasks/tasks", :id=>nil}, missing required keys: [:id] (ActionController::UrlGenerationError)
2025049 - Executing remove-pulp2 after a successful Satellite 6.10 upgrade breaks synchronizations and repositories.
2025437 - New OS created due to facts mismatch for operatingsystem for RHSM, Puppet and Ansible
2025494 - Capsule sync task failed to refresh repo that doesn't have feed url with "bad argument (expected URI object or URI string)" error
2025523 - Ansible roles are not starting automatically after provisioning
2025760 - installer does not restart foreman.service when changing puma configuration
2025811 - Upgrading to Satellite 6.9.6 and above introduces an increase in system memory consumption causing Pulp activities to fail with OOM at certain times
2026239 - Config report upload failed with "No smart proxy server found on ["capsule.example.com"] and is not in trusted_hosts"
2026277 - null value in column "manifest_id" violates not-null constraint error while syncing RHOSP container images
2026415 - RFE: Add command for upgrading foreman-maintain to next major version
2026658 - Fix name & path to OS host_init_config template
2026718 - XCCDF Profile in Tailoring File selecting the first id not the selected id
2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA
2027052 - The redhat.satellite.foreman plugin is unable to collect all facts for the target systems as expected when using default api
2027968 - A failed CV promote during publish or repo sync causes ISE
2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths
2028205 - db:seed can fail when there are host mismatches
2028273 - Cannot pull container content - TypeError: wrong argument type String (expected OpenSSL/X509)
2028377 - [RFE] add option to export and import just repository for hammer content-export
2028446 - Pulp: Add options to change the import and export path in /etc/pulp/settings.py
2028733 - katello-change-hostname fails to perform changes, leaving the system in an unusable state
2029192 - Applying errata from the errata's page always tries to use katello-agent even when remote_execution_by_default set to true
2029375 - webhook event "build_exited" never gets triggered
2029385 - selinux denials when accessing /etc/pulp/certs/database_fields.symmetric.key
2029548 - Excluding system facts logs as WARN causing log files to increase dramatically
2029760 - Scenarios for Satellite and Capsule 7.0
2029807 - foreman-maintain service fails for external postgres service, when no psql utility installed
2029828 - TFTP Storage check fails on undefined method []' for nil:NilClass
2029829 - change hostname tries to unconditionally restart puppetserver
2029914 - FIPS enabled RHEL7 server: Candlepin services not running after installation
2030101 - No longer be able to import content into disconnected Satellite for existing content views
2030273 - The tasks generated by task export in html format are not sorted by date
2030434 - Repository sync download all metadata files on every sync, even when there is no new packages
2030460 - Need a way to sync from a specific content view lifecycle environment of the upstream organization
2030715 - hammer content-[import,export] uses /tmp directory for temporary decompression location
2031154 - After upgrading to Satellite 6.10, Repository sync randomly fails if a ReservedResource exists in core_taskreservedresource table of pulpcore DB.
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2032098 - Incremental publish content view doesn't copy any contents
2032400 - Remove warning from reports page in 7.0
2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2032602 - Content not accessible after importing
2032928 - Puppet disable command fails
2032956 - Cannot create bookmark for credentials search
2033174 - Large repo sync failed with "Katello::Errors::Pulp3Error: Response payload is not completed"
2033201 - Button to assign roles on Host details page missing
2033217 - "Cannot find rabl template 'api/v2/override_values/index'" error while trying to import Ansible variables using hammer CLI.
2033336 - Add 'service restart' step in purge-puppet command
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file
2033593 - fact_values api performance issues when loading a large number of facts
2033847 - Content view export failed with undefined methodfirst' for nil:NilClass
2033853 - Publish content view failed with "PulpRpmClient::ApiError Error message: the server returns an error"
2033940 - Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
2034317 - hammer repository upload-content with large file gives "Too many open files" error
2034346 - CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin
2034461 - Capsule failed to sync empty repositories
2034552 - Puppet disable command fails on Capsule
2034635 - New hosts UI, removal of Share your feedback link
2034643 - New hosts UI, when navigated back to host detail from jobs detail, old ui is shown instead of new
2034649 - New hosts UI, missing Ansible cards
2034659 - OSTree repository update error: excludes is not a valid attribute in PulpOstreeClient::OstreeOstreeRemote
2035195 - command "hammer full-help" gives error "Error: uninitialized constant HammerCLIForeman::CommandExtensions::PuppetEnvironment"
2035204 - Tags need to be truncated in rh_cloud report
2035480 - In Satellite upgrade, yum update failed to resolve the "createrepo_c-libs" dependency
2035907 - Ansible config report time is one hour off
2036054 - [Custom Certs] - Failed to install the custom certs on the Satellite 7.0.0 works fine in 6.10
2036187 - self-upgrade fails with x.y should be greater than existing version x.y.z!
2036381 - Applying exclude filter on a CV containing kickstart repos causes missing package groups
2036628 - Rex job fails Error loading data from Capsule: NoMethodError - undefined method each' for nil:NilClass
2036721 - Satellite is creating the schedule on the wrong day of the week (day+1)
2037024 - CVE-2021-45115 django: Denial-of-service possibility in UserAttributeSimilarityValidator
2037025 - CVE-2021-45116 django: Potential information disclosure in dictsort template filter
2037028 - CVE-2021-45452 django: Potential directory-traversal via Storage.save()
2037180 - Failed to docker pull image with "Error: image <image name> not found" error
2037275 - Cockpit integration always fails with authentication error
2037508 - upload-content results in wrong RPM being added to product
2037518 - The RSS channel is set to the upstream URL
2037520 - Bootdisk new host page menu items are missing
2037648 - upgrade check checking group ownership of /var/lib/pulp (pulp2) instead of /var/lib/pulp/content (pulp3)
2037706 - Rex job fails: undefined methodjoin' for "RHSA-2012:0055":String
2037773 - The new host detail page should be enabled by default without the experimental warning
2038042 - Ansible Jobs are halting at status running
2038192 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
2038241 - ERROR: at least one Erratum record has migrated_pulp3_href NULL value
2038388 - Activation key issue with custom products on RHEL 6
2038432 - Error when importing content and same package belongs to multiple repositories
2038849 - repositories-setup procedure failing with "undefined method map' for "*":String"
2039289 - Installing Satellite7, satellite-installer runs redundant upgrade steps
2039696 - Puppet-related hammer commands still missing after plugin enabled
2040406 - Incorrect layout of new host details overview cards
2040447 - [RFE] Katello host detail tabs should accept URL params for search
2040453 - Limited CV docker tags cannot be pulled after syncing library repo with "limit sync tags"
2040596 - undefined methodname' for "":String" on "All Hosts" page
2040650 - Upgrade or offline backup fails on RHEL8 due to missing iptables command
2040773 - Updating repo with GPG key ID fails
2040796 - Grammar error on SyncPlan Details tab
2040870 - Error to import rhel7 kickstart on disconnected satellite
2041457 - Change ks= to inst.ks= and sendmac for RHEL 9 Beta
2041497 - Incremental CV update fails with 400 HTTP error
2041508 - Publication creation (during migration to pulp3 as well) can fail if /var/lib/pulp is NFS share
2041551 - Puppet enable fails on RHEL8 due to missing package(s)
2041588 - [RFE] Add Type to cdn configuration for 'disconnected' mode
2041701 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
2042416 - Unclickable Class names in Configure > Puppet classes
2042480 - Configure Cloud Connector fails after hostname change; potentially hits all templates
2042848 - Package list of repository is empty page
2042861 - [Recurring Logic]logging for recurring logic should be more verbose
2043081 - 406 error appears when running insights-client --compliance
2043097 - sql dump of dynflow data is encoded, what breaks sosreport
2043144 - After upgrading to 6.10, Satellite fails to sync some repositories with large files with timeout error
2043248 - Importing content fails if an importer with same name already exists
2043501 - Satellite upgrade fails during db:seed with ActiveRecord::RecordNotDestroyed: Failed to destroy the record
2043609 - pulpcore-workers grow very large when repositories have many changelog entries
2043726 - content views configured as "import only" generate 404 errors during capsule sync
2044581 - CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph
2044606 - New version of Candlepin now has org in entitlement certificate and causes authorization issues
2044631 - duplicate key value violates unique constraint "core_repositorycontent_repository_id_content_id_df902e11_uniq"
2044839 - SSH Remote execution does not reap processes when closing multiplexed ssh connection
2045504 - Show all provisioning templates by default
2045854 - organization context fails to change in web UI
2046281 - usability issues for user without execute_jobs_on_infrastructure_hosts permissions
2046307 - New host details Errata overview card shows stale data for unregistered host
2046322 - Manager role does contain the execute_jobs_on_infrastructure_hosts permission
2046328 - Custom yum CV does not show correct list of packages
2046337 - Certain manifest, subscription and repository related actions are broken while using HTTP Proxy as content_default_http_proxy in Satellite 6.10
2046484 - RPM exclude filter does not work in web UI
2046573 - update puppet classes via API to empty puppet classes does not update the classes
2047285 - [RFE] enable redis cache for pulp content server by default
2047443 - Unable to Import any content via Import/Export
2047451 - [RFE] [SAT-4229] Packages - Filter by status
2047485 - syncing repo using proxy can generate misleading log entries when proxy deny access to the url requested
2047649 - please update to Satellite Ansible Collection 3.1.0
2047675 - Getting "404 not found" when publishing a content view
2047683 - Force cancel a paused task doesn't release the lock
2048470 - Leapp upgrade fails after reboot with disabled postgresql redis tomcat services
2048517 - service stop tries to execute CheckTftpStorage
2048560 - REX doesn't honor effective_user when async_ssh is true
2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag
2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads
2048913 - "foreman-maintain health check --label check-hotfix-installed" fails with error "undefined method []' for nil:NilClass"
2048927 - Satellite 6.10 clone is looking for mongo_data.tar.gz file
2048986 - "foreman-maintain health check --label validate-yum-config" command failed with message "clean_requirements_on_remove=True Unset this configuration as it is risky while yum update or upgrade!"
2049143 - Unable to run Convert2RHEL role on the host
2049304 - katello-rhsm-consumer script subscription-manager version detection depends on subscription-manager rpm being installed
2049799 - Incremental update with --propagate-all-composites makes new CVV but with no new content
2049913 - Repo filtering shows all products and repos in different organizations
2050100 - Module streams enabled by default are gone when CV starts using filters
2050297 - Modifying 'Capsule tasks batch size for Ansible' causes subsequent Ansible jobs to hit TypeError
2050323 - Misleading error message when incorrect org label is entered
2050440 - pulp workers are idle despite there is one pending task
2051374 - wrong sinatra obsoletes makes Satellite uninstallable
2051408 - IP obfuscation algorithm can generate invalid IPs
2051468 - Active directory users taking too much time to login when its part of many groups.
2051522 - pulpcore_t and pulpcore_server_t domains are prevented to access httpd_config_t files
2051543 - smart_proxy_remote_execution_ssh leaves zombie ssh processes around
2051912 - Some of the services failed to start after satellite restore
2052048 - Repeated Ansible Role run scheduling adds extra time to specified start date
2052088 - Satellite-installer does not ensure proper permissions on /etc/foreman-proxy/ssl_ca.pem at every run
2052420 - Satellite upgrade fails during db:migrate with PG::DuplicateTable: ERROR: relation "index_hostgroups_puppetclasses_on_hostgroup_id" already exists
2052493 - restore on another machine fails with ERROR: web server's SSL certificate generation/signing failed
2052506 - "foreman-maintain health check --label check-hotfix-installed" does not display the modified files in command stdout.
2052524 - rubygem-sinatra el8 rpm should keep the epoch number
2052815 - dynflow fails with "403 extra bytes after the deserialized object"
2052958 - Job invocation fails for errata installation.
2053329 - content-view import fails with Error: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255)
2053395 - Satellite upgrade failed with error "Couldn't connect to the server: undefined methodto_sym' for nil:NilClass"
2053478 - Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"
2053601 - Errata icons are the wrong colors
2053839 - Deletion of Custom repo fails with error "uninitialized constant Actions::Foreman::Exception" in Satellite 7.0
2053843 - hammer shell with redirected input prints stty error on RHEL8
2053872 - Changing Upstream URL of a custom repo in WebUI raises error "Upstream password requires upstream username be set."
2053876 - Multiple instances of scheduled tasks of more types
2053884 - Host detail UI setting is not honored when returning to the host page after canceling an Edit action
2053923 - InsightsScheduledSync raises exception when allow_auto_insights_sync is false
2053928 - Satellite UI suddenly shows "Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors" for a capsule even if there are no connectivity issue present in Satellite\Capsule 7.0
2053956 - Installing Satellite 7.0 on FIPS enabled RHEL 8.5 fails on "katello-ssl-tool --gen-ca" step with error "ERROR: Certificate Authority private SSL key generation failed"
2053970 - Upgrade to Red Hat Satellite 7.0 fails at db:migrate step with error "undefined local variable or method type' for #<Katello::CdnConfiguration:0x00000000153c6198>"
2053996 - ReclaimSpace does not acquire repo lock so it can be run concurrently with the repo sync
2053997 - hammer lacks command "repository reclaim-space"
2054008 - Retain packages on Repository does not synchronize the specified number of packages on Satellite 7
2054121 - API and WebUI must disallow repo create with negative Retain package versions count
2054123 - hammer repository create ignores --retain-package-versions-count option
2054165 - After satellite-change-hostname, foreman tasks acquired lock error still refers to URL of old hostname
2054174 - Repo discovery feature cannot discover yum repositories because 'Content Default HTTP Proxy' is not used to connect to the upstream URL in Satellite 7.0
2054182 - remove pulp2 automatically on upgrade to 6.11 (If the user hasn't already done it)
2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests
2054340 - [SAT-4229] Module streams - basic table
2054758 - Satellite 6.10 clone is failing with user pulp doesn't exist
2054849 - CDN loading error for non-admin user and non-default org
2054971 - Enable registration by default
2055159 - Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0
2055312 - Enabling ISO type repository fails with PG::NotNullViolation: ERROR
2055329 - Cannot import a cv
2055495 - If Kickstart 7.X repos are being synced to Capsule 7.0 then Pulp 3 tries to sync a non-existant HighAvailability and ResilientStorage repo as well and gets 404 fnot found
2055513 - Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0
2055570 - Add check for LCE and CV presence in upstream server for disconnected Satellite
2055808 - Upgrading the Satellite 7.0 from Snap 8 to Snap 9 , sets the CDN configuration for all Organizations in airgapped mode
2055951 - Index content is creating duplicated errata in "katello_erratum" table after upgrading to Satellite 6.10
2056167 - [RFE] Create new content view should redirect to "Repositories" and not "Versions" tab
2056171 - [RFE] Publish new version should redirect to "Version" tab
2056172 - [RFE] Add repositories button should highlight in Content view
2056173 - [RFE] Content view filter doesn't shows "Start Date" & "End Date" tags to confirm the correct user inputs.
2056177 - [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file
2056178 - [RFE] Add RHEL-8 EUS repositories under recommended repositories
2056183 - Content view filter should suggest architectures parameters in RPM rule
2056186 - After enabling the Red Hat web console feature in Satellite 7.0, the redesigned Host page does not offers any option to connect to the Web\Cockpit Console of the client system
2056189 - Remove RHEL 7 EUS repository from the Recommended Repositories list
2056198 - [RFE] "Add Content Views" button should highlight in Composite Content view
2056202 - [RFE] Promote button should be displayed in the Content view version
2056237 - [Bug] Satellite Administration Documentation is missing
2056469 - Not possible to set hostgroup parameter during hostgroup creation
2056657 - Add deprecation banners for traditional (non-SCA) subscription management
2056966 - Part of REX job fails if multiple capsules are used for the job
2057178 - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function
2057309 - Latest Hardware version for VMware vSphere 7.0U3 is not available on Satellite 7
2057416 - rubygem-rack is obsoleted without epoch
2057605 - foreman.rpm pulls in nodejs
2057632 - Creating repo fails if there's a validation error in the first save.
2057658 - Update pulp-rpm to 3.17
2057782 - Limit sync tags parameter is displayed twice on the repositories detail page
2057848 - Inclusion of tags in limit sync tags parameter is not white listing the tags to sync
2058397 - Ensure pulp-rpm 3.17 is built for Satellite 6.11
2058532 - certs-regenerate breaks qpidd certificates, resulting in qpidd start-up failures: Couldn't find any network address to listen to
2058649 - Unable to set or unset "Discovery location" settings from UI of Satellite 7.0 but the same is partly feasible via hammer_cli.
2058711 - Ostree type is missing during repo creation.
2058844 - The foreman-protector plugin does not works for Satellite 6.11 if the OS is RHEL 8
2058863 - Everytime a host build is being submitted that somehow generates a huge traceback with error "undefined methodinsights' for nil:NilClass" in Satellite 7.0
2058867 - The insights registration steps happens during host build even if the host_registration_insights parameter is set to false in Satellite 7.0
2058894 - Server fingerprints not managed properly
2058905 - Content Import does not delete version on failure
2058984 - The Satellite 7.0 beta offers the download capability of both Host and Full Host image via UI where as the support for Host image was already removed in Satellite 6.10
2059576 - non admin user with host_view permission is unable to look at old host details ui
2059985 - please update to Satellite Ansible Collection 3.3.0
2060097 - [RFE] ouia-ID for content view table
2060396 - satellite-maintain self-upgrade passes even if the next major version maintenance repository isn't available
2060512 - Update terminology for ISS
2060546 - Leapp-upgrade package installation failing with dependency on sat 7.0
2060885 - Update foreman-ansible package to 7.0.3
2061688 - old rubygems (from 6.7 and older) installed and prevent EL7 to EL8 upgrade
2061749 - Templates sync with git on RHEL8 is causing SElinux error
2061773 - Settings defined by DSL are not properly encrypted
2061970 - Mirror on sync still shows up in 'hammer repository info', while mirroring policy does not
2062189 - satellite-installer gets failed with "Could not open SSL root certificate file /root/.postgresql/root.crt" error.
2062476 - GPG shows blank on repo details page render, but is correct when selecting the dropdown
2063149 - CVE-2022-23633 rubygem-actionpack: information leak between requests
2063190 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step
2063575 - [RFE] - add ouia-ID for buttons on a cv
2063910 - LEAPP upgrade fails with [Errno 2] No such file or directory: '/var/lib/leapp/scratch/mounts/root_/system_overlay/etc/pki/pulp/content/pulp-global-repo.ca'
2064400 - Migration of encrypted fields between 3.14 and 3.16 is broken for some remotes
2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors
2064434 - Repository set not showing repos after importing library and creating an ak in a disconnected satellite
2064583 - High memory usage of foreman-proxy during a scaled bulk REX job
2064707 - bootstrap.py can't reach the API via the capsule
2064793 - Remotes should have username and password cleared out if a user sets them to be blank
2065015 - "Sync Connect Timeout" settings takes invalid value and shows update successful but doesn't reflect the change for invalid values
2065027 - Job invocation installs all the installable errata if incorrect Job Template is used.
2065391 - LCE and content view label resets when trying to delete the field names in "Upstream Foreman Server" tab
2065448 - [RFE] - add ouia-ID prop to update buttons in CDN configuration
2065450 - [RFE] - add ouia-ID prop to all fields in CDN configuration
2066408 - REX SSH Key works for SSH but fails for REX on RHEL 8.5 Host
2066899 - After IP change on Tues Mar 22 Satellite manifest tasks fail with 'could not initialize proxy [org.candlepin.model.UpstreamConsumer#XXXXX] - no Session'
2067301 - hammer content-import fails with error Export version 3.14.9 of pulpcore does not match installed version 3.14.12 if the z-stream versions are different for the connected and disconnected satellite 6.10
2067331 - Upgrade to Satellite 6.9 and 6.10 fails with error "ActiveRecord::RecordInvalid: Validation failed: Remote execution features is invalid" during db:seed stage
2069135 - After restore from 6.10.2 (and older) backup to 6.10.3 candlepin is broken
2069248 - documentation links in 6.11 navigate to 7.0 instead of 6.11
2069381 - new host ui, do not navigate to task, instead navigate to job
2069456 - new host ui details,ansible roles, bug when all ansible roles are assigned
2069459 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unasigned automatically
2069640 - insights total risk chart network errors in new host page's overview tab
2070176 - Clicking on "Select recommendations from all pages" of host details page(insights tab) selects insights recommendations of other hosts as well.
2070177 - De-duplicate errata migration doesn't delete child records
2070242 - The satellite-maintain change with respect to 6.11 version shift
2070272 - Sync Status page does not show syncing progress bar under "Result" column when syncing a repo
2070620 - After upgrading to 6.11 ping check fails with "Some components are failing: katello_agent"
2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()
2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL
2072530 - Improvements on foreman-maintain's self-upgrade mechanism
2073039 - LEAPP upgrade enables wrong repositories for capsules
2073124 - HTTP responses include incorrect ETag value
2073194 - Filter API/ UI doesn't return errata, package group, module stream filter rules if repository has been removed from CV
2073307 - "Selected scenario is DISABLED" errors when trying to upgrade installer packages
2073313 - "Publish" action in the drop down doesn't work
2073421 - The new host page should be disabled by default
2073468 - Bootdisk Provisioning Templates are missing description
2073469 - Discovery kexec Provisioning Template is missing description
2073470 - "Kickstart default user data" Provisioning Template contains doubled description key
2075434 - bootstrap.py fails if puppet is not enabled in Satellite
2075519 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table "katello_errata" violates foreign key constraint "katello_content_facet_errata_errata_id"
2075528 - OS upgrade keeps original TFTP setup preventing machines to boot from the network
2076372 - Address VCR test changes in pulp_rpm_client 3.17.5
2076684 - NullPointerException during manifest refresh
2076987 - After upgrade any foreman-rake command shows 'ErbParser' and 'RubyParser' are ignored.
2077850 - Puppet purge fails on an upgraded Satellite
2078983 - Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4.
2079357 - foreman-maintain maintenance-mode status command fails with undefined methodmaintenance_mode_status?' for nil:NilClass2080909 - The satellite-maintain self-upgrade does not disable the non RHSM repository if it was not enabled on system
2081280 - Bootdisks are left in privatetmp of httpd
2081459 - Omit python*-pulp-ostree packages
2082076 - Settings - Like operator for name
2082241 - hammer host-collection create fails with "Too many arguments" when setting unlimited-hosts
2082505 - Omit python*-pulp-python packages
2082560 - satellite-clone missed version rename 7.0 to 6.11
2083532 - PG::ForeignKeyViolation: ERROR: update or delete on table "katello_erratum_packages" violates foreign key constraint "katello_msep_erratum_package_id_fk" on table "katello_module_stream_erratum_packages"
2084106 - satellite-change-hostname on capsule runs deprecated capsule-installer
2084624 - Unable to install 6.11 with ansible-core 2.12
2085446 - LEAPP preupgrade --target 8.6 fails to resolve conflicts for rubygem-openscap
2085528 - Change "Component content view" to "Content view"
2086101 - rhel8 repos are missing python2-qpid, making qpid-tools and thus the katello-agent support unavailable
2086683 - Actions::Candlepin::Owner::Import failing with "Entity version collision detected"
2086948 - Remove 6.11 beta branding
2087727 - Upgrade to Satellite 6.10.5.1 fails with error message "PG::NotNullViolation: ERROR: null value in column "erratum_package_id" violates not-null constraint"
2089361 - satellite-clone is broken on RHEL8.6
2089794 - Insights recommendations get halted with error undefined methodid' for nil:NilClass
2089796 - Absence of Package redhat-access-insights-puppet.noarch in rhel 8 sat/capsule
2089812 - Need to list Satellite Utils and Puppet agent repositories on Recommended Repositories page for Sat 6.11
2089928 - Dependency Issue when attempting to enable Satellite Infoblox DNS and DHCP plugins on RHEL 8
2090740 - Update links for the new puppet documentation
2090820 - satellite upgrade to 6.11 fails in installer with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup
2093679 - satellite-installer --enable-foreman-proxy-plugin-shellhooks fails with error Error: Unable to find a match: rubygem-smart_proxy_shellhooks in Red Hat Satellite 6.11
2094255 - Configure Cloud Connector runs against an old hostname after a hostname change
2094280 - rhc_instance_id is not being set correctly by configure cloud connector playbook.
2094454 - Error "missing keywords: :arch, :major, :minor" on CDN configuration
2095598 - The completion of a remediation playbook should indicate success or failure combined for all hosts in the run
2095599 - Satellite yggdrasil-forwarder-worker does not send proper lowercase JSON to RHC API
2096198 - Too many connection issue occurring for on-demand content sync
2096921 - "Reconfigure Cloud Connector" job fails on upgraded Satellite configured with fifi/receptor.
- Package List:
Red Hat Satellite 6.11 for RHEL 7:
Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm candlepin-4.1.13-1.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm katello-selinux-4.0.2-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.src.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.src.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.src.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.src.rpm tfm-rubygem-audited-4.9.0-4.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-2.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.src.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.src.rpm tfm-rubygem-crass-1.0.6-2.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.src.rpm tfm-rubygem-deface-1.5.3-3.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.src.rpm tfm-rubygem-facter-4.0.51-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.src.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.src.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.src.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.src.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.src.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.src.rpm tfm-rubygem-fx-0.5.0-2.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.src.rpm tfm-rubygem-git-1.5.0-2.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.src.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.src.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.src.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.src.rpm tfm-rubygem-http-3.3.0-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.src.rpm tfm-rubygem-mail-2.7.1-2.el7sat.src.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.src.rpm tfm-rubygem-os-1.0.0-3.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.src.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.src.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.src.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.src.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.src.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.src.rpm tfm-rubygem-puma-5.6.2-1.el7sat.src.rpm tfm-rubygem-puma-status-1.3-1.el7sat.src.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.src.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.src.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-redis-4.5.1-1.el7sat.src.rpm tfm-rubygem-representable-3.0.4-3.el7sat.src.rpm tfm-rubygem-responders-3.0.0-4.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.src.rpm tfm-rubygem-signet-0.14.0-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.src.rpm tfm-rubygem-thor-1.0.1-3.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.src.rpm tfm-rubygem-uber-0.1.0-3.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm candlepin-4.1.13-1.el7sat.noarch.rpm candlepin-selinux-4.1.13-1.el7sat.noarch.rpm foreman-3.1.1.21-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-3.1.1.21-2.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el7sat.noarch.rpm foreman-ec2-3.1.1.21-2.el7sat.noarch.rpm foreman-gce-3.1.1.21-2.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-journald-3.1.1.21-2.el7sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el7sat.noarch.rpm foreman-openstack-3.1.1.21-2.el7sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el7sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-selinux-3.1.2.1-1.el7sat.noarch.rpm foreman-service-3.1.1.21-2.el7sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el7sat.noarch.rpm foreman-vmware-3.1.1.21-2.el7sat.noarch.rpm katello-4.3.0-3.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm katello-selinux-4.0.2-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-dispatch-tools-1.14.0-1.el7_9.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-6.11.0-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.noarch.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-4.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-2.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.noarch.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-2.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-3.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.noarch.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.noarch.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-2.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.noarch.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-2.el7sat.noarch.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.noarch.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.noarch.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.noarch.rpm tfm-rubygem-puma-status-1.3-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.noarch.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.noarch.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-redis-4.5.1-1.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-3.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.noarch.rpm tfm-rubygem-signet-0.14.0-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-facter-4.0.51-2.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-puma-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-debuginfo-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-content-4.3.0-3.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm satellite-clone-3.1.0-2.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm satellite-clone-3.1.0-2.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: foreman-3.1.1.21-2.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm
noarch: foreman-cli-3.1.1.21-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm
x86_64: tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm candlepin-4.1.13-1.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm katello-selinux-4.0.2-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm postgresql-evr-0.0.2-1.el8sat.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-actioncable-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm rubygem-actionpack-6.0.4.7-1.el8sat.src.rpm rubygem-actiontext-6.0.4.7-1.el8sat.src.rpm rubygem-actionview-6.0.4.7-1.el8sat.src.rpm rubygem-activejob-6.0.4.7-1.el8sat.src.rpm rubygem-activemodel-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-import-1.1.0-1.el8sat.src.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm rubygem-activestorage-6.0.4.7-1.el8sat.src.rpm rubygem-activesupport-6.0.4.7-1.el8sat.src.rpm rubygem-acts_as_list-1.0.3-2.el8sat.src.rpm rubygem-addressable-2.8.0-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-ancestry-3.0.7-2.el8sat.src.rpm rubygem-anemone-0.7.2-23.el8sat.src.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-apipie-rails-0.5.17-4.el8sat.src.rpm rubygem-audited-4.9.0-4.el8sat.src.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm rubygem-builder-3.2.4-2.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-coffee-rails-5.0.0-2.el8sat.src.rpm rubygem-coffee-script-2.4.1-5.el8sat.src.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm rubygem-colorize-0.8.1-2.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-connection_pool-2.2.2-3.el8sat.src.rpm rubygem-crass-1.0.6-2.el8sat.src.rpm rubygem-css_parser-1.4.7-5.el8sat.src.rpm rubygem-daemons-1.2.3-7.1.el8sat.src.rpm rubygem-deacon-1.0.0-5.el8sat.src.rpm rubygem-declarative-0.0.10-3.el8sat.src.rpm rubygem-declarative-option-0.1.0-3.el8sat.src.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm rubygem-deface-1.5.3-3.el8sat.src.rpm rubygem-diffy-3.0.1-6.1.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-erubi-1.9.0-2.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-execjs-2.7.0-5.el8sat.src.rpm rubygem-facter-4.0.51-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-fog-aws-3.6.5-2.el8sat.src.rpm rubygem-fog-core-2.1.0-4.el8sat.src.rpm rubygem-fog-google-1.11.0-2.el8sat.src.rpm rubygem-fog-json-1.2.0-4.el8sat.src.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm rubygem-fog-openstack-1.0.8-4.el8sat.src.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.src.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.src.rpm rubygem-fog-xml-0.1.2-9.el8sat.src.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.src.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.src.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.src.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.src.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.src.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.src.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.src.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.src.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.src.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.src.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm rubygem-foreman_templates-9.1.0-1.el8sat.src.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.src.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.src.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.src.rpm rubygem-formatador-0.2.1-13.el8sat.src.rpm rubygem-friendly_id-5.3.0-2.el8sat.src.rpm rubygem-fx-0.5.0-2.el8sat.src.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm rubygem-git-1.5.0-2.el8sat.src.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm rubygem-globalid-0.4.2-2.el8sat.src.rpm rubygem-google-api-client-0.33.2-2.el8sat.src.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm rubygem-googleauth-0.13.1-2.el8sat.src.rpm rubygem-graphql-1.8.14-3.el8sat.src.rpm rubygem-graphql-batch-0.3.10-3.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-hocon-1.3.1-2.el8sat.src.rpm rubygem-http-3.3.0-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-http-form_data-2.1.1-2.el8sat.src.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm rubygem-httpclient-2.8.3-4.el8sat.src.rpm rubygem-i18n-1.8.2-2.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-ipaddress-0.8.0-13.el8sat.src.rpm rubygem-jgrep-1.3.3-11.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-katello-4.3.0.42-1.el8sat.src.rpm rubygem-kubeclient-4.3.0-2.el8sat.src.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-loofah-2.4.0-2.el8sat.src.rpm rubygem-mail-2.7.1-2.el8sat.src.rpm rubygem-marcel-1.0.1-1.el8sat.src.rpm rubygem-memoist-0.16.0-3.el8sat.src.rpm rubygem-method_source-0.9.2-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_mime-1.0.2-2.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-ms_rest-0.7.6-1.el8sat.src.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ldap-0.17.0-2.el8sat.src.rpm rubygem-net-ping-2.0.1-5.el8sat.src.rpm rubygem-net-scp-1.2.1-5.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-net_http_unix-0.2.2-2.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nio4r-2.5.4-2.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-optimist-3.0.0-3.el8sat.src.rpm rubygem-os-1.0.0-3.el8sat.src.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm rubygem-parallel-1.19.1-2.el8sat.src.rpm rubygem-parse-cron-0.1.4-5.el8sat.src.rpm rubygem-polyglot-0.3.5-3.1.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-prometheus-client-1.0.0-3.el8sat.src.rpm rubygem-promise.rb-0.7.4-3.el8sat.src.rpm rubygem-public_suffix-3.0.3-3.el8sat.src.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.src.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.src.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.src.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.src.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.src.rpm rubygem-puma-5.6.2-1.el8sat.src.rpm rubygem-puma-status-1.3-1.el8sat.src.rpm rubygem-qpid_proton-0.33.0-5.el8sat.src.rpm rubygem-quantile-0.2.0-5.el8sat.src.rpm rubygem-rabl-0.14.3-2.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-cors-1.0.2-3.el8sat.src.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rack-test-1.1.0-5.el8sat.src.rpm rubygem-rails-6.0.4.7-1.el8sat.src.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.src.rpm rubygem-rails-i18n-6.0.0-3.el8sat.src.rpm rubygem-railties-6.0.4.7-1.el8sat.src.rpm rubygem-rainbow-2.2.2-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-rbvmomi-2.2.0-4.el8sat.src.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.src.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-redis-4.5.1-1.el8sat.src.rpm rubygem-representable-3.0.4-3.el8sat.src.rpm rubygem-responders-3.0.0-4.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-retriable-3.1.2-3.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-roadie-3.4.0-4.el8sat.src.rpm rubygem-roadie-rails-2.1.1-3.el8sat.src.rpm rubygem-robotex-1.0.0-22.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm rubygem-ruby_parser-3.10.1-4.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-runcible-2.13.1-2.el8sat.src.rpm rubygem-safemode-1.3.6-2.el8sat.src.rpm rubygem-scoped_search-4.1.9-2.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-secure_headers-6.3.0-3.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sexp_processor-4.10.0-7.el8sat.src.rpm rubygem-sidekiq-5.2.10-1.el8sat.src.rpm rubygem-signet-0.14.0-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sprockets-4.0.2-2.el8sat.src.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-sshkey-1.9.0-5.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-stomp-1.4.9-2.el8sat.src.rpm rubygem-thor-1.0.1-3.el8sat.src.rpm rubygem-thread_safe-0.3.6-6.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-timeliness-0.3.10-2.el8sat.src.rpm rubygem-tzinfo-1.2.6-2.el8sat.src.rpm rubygem-uber-0.1.0-3.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm rubygem-will_paginate-3.1.7-4.el8sat.src.rpm rubygem-zeitwerk-2.2.2-2.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm candlepin-4.1.13-1.el8sat.noarch.rpm candlepin-selinux-4.1.13-1.el8sat.noarch.rpm foreman-3.1.1.21-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-cli-3.1.1.21-2.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el8sat.noarch.rpm foreman-ec2-3.1.1.21-2.el8sat.noarch.rpm foreman-gce-3.1.1.21-2.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-journald-3.1.1.21-2.el8sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el8sat.noarch.rpm foreman-openstack-3.1.1.21-2.el8sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el8sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-selinux-3.1.2.1-1.el8sat.noarch.rpm foreman-service-3.1.1.21-2.el8sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el8sat.noarch.rpm foreman-vmware-3.1.1.21-2.el8sat.noarch.rpm katello-4.3.0-3.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm katello-selinux-4.0.2-1.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-dispatch-tools-1.14.0-6.el8.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm rubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm rubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm rubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm rubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm rubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm rubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm rubygem-addressable-2.8.0-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-ancestry-3.0.7-2.el8sat.noarch.rpm rubygem-anemone-0.7.2-23.el8sat.noarch.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm rubygem-audited-4.9.0-4.el8sat.noarch.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm rubygem-builder-3.2.4-2.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm rubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm rubygem-colorize-0.8.1-2.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm rubygem-crass-1.0.6-2.el8sat.noarch.rpm rubygem-css_parser-1.4.7-5.el8sat.noarch.rpm rubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm rubygem-deacon-1.0.0-5.el8sat.noarch.rpm rubygem-declarative-0.0.10-3.el8sat.noarch.rpm rubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm rubygem-deface-1.5.3-3.el8sat.noarch.rpm rubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-erubi-1.9.0-2.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-execjs-2.7.0-5.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm rubygem-fog-core-2.1.0-4.el8sat.noarch.rpm rubygem-fog-google-1.11.0-2.el8sat.noarch.rpm rubygem-fog-json-1.2.0-4.el8sat.noarch.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm rubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.noarch.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.noarch.rpm rubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.noarch.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.noarch.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.noarch.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.noarch.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.noarch.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.noarch.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-cockpit-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm rubygem-foreman_templates-9.1.0-1.el8sat.noarch.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.noarch.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.noarch.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.noarch.rpm rubygem-formatador-0.2.1-13.el8sat.noarch.rpm rubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm rubygem-fx-0.5.0-2.el8sat.noarch.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm rubygem-git-1.5.0-2.el8sat.noarch.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm rubygem-globalid-0.4.2-2.el8sat.noarch.rpm rubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm rubygem-googleauth-0.13.1-2.el8sat.noarch.rpm rubygem-graphql-1.8.14-3.el8sat.noarch.rpm rubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-hocon-1.3.1-2.el8sat.noarch.rpm rubygem-http-3.3.0-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm rubygem-httpclient-2.8.3-4.el8sat.noarch.rpm rubygem-i18n-1.8.2-2.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-ipaddress-0.8.0-13.el8sat.noarch.rpm rubygem-jgrep-1.3.3-11.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-katello-4.3.0.42-1.el8sat.noarch.rpm rubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-loofah-2.4.0-2.el8sat.noarch.rpm rubygem-mail-2.7.1-2.el8sat.noarch.rpm rubygem-marcel-1.0.1-1.el8sat.noarch.rpm rubygem-memoist-0.16.0-3.el8sat.noarch.rpm rubygem-method_source-0.9.2-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm rubygem-net-ping-2.0.1-5.el8sat.noarch.rpm rubygem-net-scp-1.2.1-5.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-optimist-3.0.0-3.el8sat.noarch.rpm rubygem-os-1.0.0-3.el8sat.noarch.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm rubygem-parallel-1.19.1-2.el8sat.noarch.rpm rubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm rubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm rubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm rubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.noarch.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.noarch.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.noarch.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.noarch.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.noarch.rpm rubygem-puma-status-1.3-1.el8sat.noarch.rpm rubygem-quantile-0.2.0-5.el8sat.noarch.rpm rubygem-rabl-0.14.3-2.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rack-test-1.1.0-5.el8sat.noarch.rpm rubygem-rails-6.0.4.7-1.el8sat.noarch.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.noarch.rpm rubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm rubygem-railties-6.0.4.7-1.el8sat.noarch.rpm rubygem-rainbow-2.2.2-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.noarch.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-redis-4.5.1-1.el8sat.noarch.rpm rubygem-representable-3.0.4-3.el8sat.noarch.rpm rubygem-responders-3.0.0-4.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-retriable-3.1.2-3.el8sat.noarch.rpm rubygem-roadie-3.4.0-4.el8sat.noarch.rpm rubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm rubygem-robotex-1.0.0-22.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm rubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-runcible-2.13.1-2.el8sat.noarch.rpm rubygem-safemode-1.3.6-2.el8sat.noarch.rpm rubygem-scoped_search-4.1.9-2.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm rubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm rubygem-signet-0.14.0-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-sprockets-4.0.2-2.el8sat.noarch.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm rubygem-sshkey-1.9.0-5.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-stomp-1.4.9-2.el8sat.noarch.rpm rubygem-thor-1.0.1-3.el8sat.noarch.rpm rubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-timeliness-0.3.10-2.el8sat.noarch.rpm rubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm rubygem-uber-0.1.0-3.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm rubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm rubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm satellite-6.11.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm postgresql-evr-0.0.2-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm rubygem-facter-4.0.51-2.el8sat.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm rubygem-puma-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm rubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-content-4.3.0-3.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm satellite-capsule-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm satellite-clone-3.1.0-2.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm satellite-clone-3.1.0-2.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: foreman-3.1.1.21-2.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm
noarch: foreman-cli-3.1.1.21-2.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm
x86_64: rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3584 https://access.redhat.com/security/cve/CVE-2021-4142 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-30151 https://access.redhat.com/security/cve/CVE-2021-32839 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-41136 https://access.redhat.com/security/cve/CVE-2021-42550 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44420 https://access.redhat.com/security/cve/CVE-2021-44568 https://access.redhat.com/security/cve/CVE-2021-45115 https://access.redhat.com/security/cve/CVE-2021-45116 https://access.redhat.com/security/cve/CVE-2021-45452 https://access.redhat.com/security/cve/CVE-2022-22818 https://access.redhat.com/security/cve/CVE-2022-23633 https://access.redhat.com/security/cve/CVE-2022-23634 https://access.redhat.com/security/cve/CVE-2022-23833 https://access.redhat.com/security/cve/CVE-2022-23837 https://access.redhat.com/security/cve/CVE-2022-28346 https://access.redhat.com/security/cve/CVE-2022-28347 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYsSEj9zjgjWX9erEAQj1NhAAh9dwyCl+/LFkekteujgg+I646SZTWNua 7x7JKiF+ptoaQB3ZcbKHAwuLMK5LNzTnsq+Y+ZuhPh1EkDKlZ1LkiONw/kTgMHLB EEq+lqiI3Lr31NWValfQiIatXbLQIyD7ZCk9dxxkJtTGGJw+CL7W4f2naYAsei+4 iYghK8DG5C33U5K/1NpXetfQMpRihferXV15Cx/bxGMcRP+ryD9vxxq4PDMWa1UH zTco1EAzP3UZxpD/AqCwNmBoG4r8gxSJml6CJatiicUQ1SrTdSMj2x8jYJ8pCWXR 2ceGJVse2rBC0cunqV3tX/NL9xu8L8Vq4lyYDzJNhoSElQ6Lb/lpu1HpQpoqqmAf UBA7f80opj1o80U/M/WTQaQ9dYFDua7WlzzeuP026Pohsy/M1lZicmXMCDGJZaT1 E4ivToILRGYfhZcVBrhFgWiPUQRmFvhxpGY0cStlmpMAruGeE9saXr1LyAbQrlty fnm4z+pRiLowgJPPTmusYPicL0p1DwU9XMxDSTW11/zp9PK5dErL+mIYofbvrOpk MhTKGBJ7yOgrmKTBUNIyNupeLuFM5MUBcw+nnTyjUHPh1Vaygq//WbUD+2IZileV 0tRbFgVrt8mCk031+OVCbsUyGPO/D9+ambl7xieynjuIOHyLC+H3PH9QghCzZAUS aMoVmOr2Umo=+ioi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "quarkus",
"scope": "lte",
"trust": 1.0,
"vendor": "quarkus",
"version": "1.13.7"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zookeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "3.5.9"
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.60"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "kudu",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.16.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.60",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:kudu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:zookeeper:3.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162714"
},
{
"db": "PACKETSTORM",
"id": "162719"
},
{
"db": "PACKETSTORM",
"id": "162732"
},
{
"db": "PACKETSTORM",
"id": "161954"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
}
],
"trust": 1.3
},
"cve": "CVE-2021-21295",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-379190",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2021-21295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21295",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-21295",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-713",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-379190",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21295",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20478 - (7.3.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4\nJBEAP-20868 - Tracker bug for the EAP 7.3.7 release for RHEL-6\nJBEAP-20927 - [GSS](7.3.z) Upgrade weld from 3.1.4.Final to 3.1.6.Final and weld-api to 3.1.0.SP3\nJBEAP-20935 - [GSS](7.3.z) Upgrade generic jms from 2.0.8.Final-redhat-00001 to 2.0.9.Final-redhat-00001\nJBEAP-20940 - (7.3.z) Upgrade WildFly Elytron from 1.10.11.Final-redhat-00001 to 1.10.12.Final-redhat-00001\nJBEAP-21093 - [GSS] (7.3.z) Upgrade undertow from 2.0.34.SP1-redhat-00001 to 2.0.35.SP1-redhat-00001\nJBEAP-21094 - (7.3.z) Upgrade WildFly Core from 10.1.18.Final-redhat-00001 to 10.1.19.Final-redhat-00001\nJBEAP-21095 - [GSS](7.3.z) Upgrade HAL from 3.2.13.Final-redhat-00001 to 3.2.14.Final-redhat-00001\nJBEAP-21096 - (7.3.z) (Core) Upgrade xalan from 2.7.1.jbossorg-2 to 2.7.1.jbossorg-5\nJBEAP-21121 - (7.3.z) Upgrade wildfly-http-client from 1.0.25.Final-redhat-00001 to 1.0.26.Final-redhat-00001\nJBEAP-21185 - [GSS](7.3.z) ISPN-12807 - Simple cache does not update eviction statistics\nJBEAP-21186 - [GSS](7.3.z) Upgrade Infinispan from 9.4.19.Final-redhat-00001 to 9.4.22.Final-redhat-00001\nJBEAP-21193 - (7.3.z) Upgrade RESTEasy from 3.11.3.Final-redhat-00001 to 3.11.4.Final-redhat-00001\nJBEAP-21196 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.10.Final to 2.0.11.Final\nJBEAP-21203 - [GSS](7.3.z) Upgrade jgroups-kubernetes from 1.0.13.Final to 1.0.16.Final\nJBEAP-21262 - [GSS](7.3.z) Upgrade yasson from 1.0.5.redhat-00001 to 1.0.9.redhat-00001\nJBEAP-21279 - (7.3.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13\nJBEAP-21312 - [GSS](7.3.z) Upgrade Ironjacamar from 1.4.27 to 1.4.30\nJBEAP-21322 - [GSS](7.3.z) 7.3 Update 6 patch breaks samesite-cookie in Undertow\nJBEAP-21351 - (7.3.z) Upgrade WildFly Core from 10.1.19.Final-redhat-00001 to 10.1.20.Final-redhat-00001\nJBEAP-21390 - (7.3.z) Upgrade Bouncy Castle from 1.68.0.redhat-00001 to 1.68.0.redhat-00005\nJBEAP-21479 - (7.3.z) Upgrade mod_cluster from 1.4.3.Final-redhat-00001 to 1.4.3.Final-redhat-00002\n\n7. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Satellite 6.11 Release\nAdvisory ID: RHSA-2022:5498-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5498\nIssue date: 2022-07-05\nCVE Names: CVE-2021-3200 CVE-2021-3584 CVE-2021-4142\n CVE-2021-21290 CVE-2021-21295 CVE-2021-21409\n CVE-2021-30151 CVE-2021-32839 CVE-2021-33928\n CVE-2021-33929 CVE-2021-33930 CVE-2021-33938\n CVE-2021-41136 CVE-2021-42550 CVE-2021-43797\n CVE-2021-43818 CVE-2021-44420 CVE-2021-44568\n CVE-2021-45115 CVE-2021-45116 CVE-2021-45452\n CVE-2022-22818 CVE-2022-23633 CVE-2022-23634\n CVE-2022-23833 CVE-2022-23837 CVE-2022-28346\n CVE-2022-28347\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.11\n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.11 for RHEL 7 - noarch, x86_64\nRed Hat Satellite 6.11 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c\n(CVE-2021-3200)\n* satellite: foreman: Authenticate remote code execution through Sendmail\nconfiguration (CVE-2021-3584)\n* candlepin: Allow unintended SCA certificate to authenticate Candlepin\n(CVE-2021-4142)\n* candlepin: netty: Information disclosure via the local system temporary\ndirectory (CVE-2021-21290)\n* candlepin: netty: Possible request smuggling in HTTP/2 due missing\nvalidation (CVE-2021-21295)\n* candlepin: netty: Request smuggling via content-length header\n(CVE-2021-21409)\n* tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature\n(CVE-2021-30151)\n* python-sqlparse: ReDoS via regular expression in StripComments filter\n(CVE-2021-32839)\n* libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930\nCVE-2021-33938)\n* tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma\n(CVE-2021-41136)\n* logback-classic: Remote code execution through JNDI call from within its\nconfiguration file (CVE-2021-42550)\n* candlepin: netty: Control chars in header names may lead to HTTP request\nsmuggling (CVE-2021-43797)\n* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass\nthrough (CVE-2021-43818)\n* python3-django: Potential bypass of an upstream access control based on\nURL paths (CVE-2021-44420)\n* libsolv: Heap overflow (CVE-2021-44568)\n* python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116\nCVE-2021-45452 CVE-2022-22818)\n* tfm-rubygem-actionpack: Information leak between requests\n(CVE-2022-23633)\n* tfm-rubygem-puma: rubygem-rails: Information leak between requests\n(CVE-2022-23634)\n* python3-django: Denial-of-service possibility in file uploads\n(CVE-2022-23833)\n* tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on\ngraph (CVE-2022-23837)\n* python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* New repo layout for Satellite, Utils, Maintenance, and Client repos. \n* Support for RHEL 9 clients\n* Module-based installation on RHEL 8\n* Upgrading Satellite Server and Capsule Server installations from RHEL 7\nto RHEL 8\n* Connected and Disconnected servers supported on RHEL 7 and RHEL 8\n* Inter-Server Synchronization improvements\n* Puppet integration optional and disabled by default\n* Pulp 3 updated to Python 3.8\n* Change to Capsule certificate archive\n* New default port for communication with Red Hat Subscription Management *\n(RHSM) API on Capsule servers\n* New Content Views Page (Content Publication workflow simplification)\n* New Hosts Page (Technology Preview)\n* Registration and preview templates\n* Simplified host content source changing\n* Improved behavior for configuring and running remote jobs\n* Provisioning improvements\n* New error signaling unsupported options in TASK-Filter\n* Virt-who configuration enhanced to support Nutanix AHV\n* Cloud Connector configuration updated\n* Improved Insights adoption\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nFor Red Hat Satellite 6.11 see the following documentation for the release. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11\n\nThe important instructions on how to upgrade are available below. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1459231 - [RFE] Support \u0027cleaning\u0027 a repo of downloaded on_demand content\n1473263 - Processing outputs of remote command on the smart-proxy is slow. \n1545000 - [RFE] As a user of Satellite, I would like to use another Satellite as my CDN. \n1596004 - Cannot register host with activationkey that is associated to host collections that have host count limits\n1609543 - concurrently creating repositories causes most of them are not visible for consumer at the end\n1659649 - [RFE] Shorten or handle \"410 Gone\" errors rather than printing a page-long trace for each\n1662924 - [RFE] Report that lists all the hosts on which a particular repository is enabled\n1685708 - Editing a host tries to inherit the operating system properties from it\u0027s host-group instead of the CV and Lifecycle Environment assigned\n1693733 - ensure foreman-maintain works with RHEL8 Satellite \u0026 Capsules\n1694659 - [RFE] Host Add-Parameter button should not float down page as new params are added. \n1713401 - RHEL 8 systems with OSPP applied cannot install katello-ca-consumer package from Satellite 6.5\n1723632 - When restarting foreman-tasks, long running tasks got forcefully killed after 20 seconds of wait. \n1723751 - [RFE] Provide a script-like interface to task cleanup, preventing wrong values from being entered\n1735540 - Virt-who-config for kubevirt does not support in API and hammer CLI\n1744521 - There is no way to identify the overriden Ansible variables while creating or editing an existing host\n1761421 - [RFE] Option to \"skip-tags\" on Ansible runs from Red Hat Satellite server. \n1770075 - Snippet template may render incorrect result when non-default scope class is used to render the main template. \n1771724 - Move Actions::Katello::Host::UploadPackageProfile out of dynflow\n1777820 - [RFE] Make hammer-cli available for RHEL 8 systems\n1784254 - Static recurring job failed to schedule on 2nd iteration if any of the target host record is invalid. \n1805028 - Issue with hammer shell while using \"--fields\" parameter to display host info\n1807258 - Cloned viewer role cannot view facts\n1807536 - Parent Hostgroup hammer parameter accept only name, not title\n1809769 - [RFE] support ability disable and remove puppetserver from Satellite and Capsules\n1811166 - REX job failed when you enable FIPS on RHEL 8 hosts\n1813624 - Consistent use of unlimited-host argument throughout CLI\n1819309 - [RFE] Load balanced capsules without using sticky sessions\n1825761 - Ansible Role execution reports do not show Ansible Icon\n1832858 - [RFE] Exporting a content view does not exports the description assigned to the content view. \n1844848 - [RFE] add \"duration\" column to tasks hammer and export\n1845471 - exclude source redhat containers by default\n1847825 - Incorrect text alignment for error message\n1851808 - Unable to set ssh password and sudo password when creating a REX job using hammer\n1852897 - API - ISE when using invalid status type\n1862140 - ipv4/6 auto-suggested address should be removed when the different domain and subnet with ipv6/4 are selected\n1867193 - Content Host Traces Management modal window does not respect selection done on the previously opened page\n1869351 - [RFE] Add ability to omit specific hosts from rh_cloud inventory upload\n1872688 - Remote execution will fail on client with FIPS enabled\n1873241 - [RFE] When choosing what capsule to use for Remote Execution into a host, use the host\u0027s \"Registered through\" capsule\n1877283 - [RFE] Request to use /etc/virt-who.conf as the default config file for virt-who plugin\n1878049 - Cancel button should be enabled in the capsule sync until the job completions\n1881668 - hammer user list --help has invalid --order example\n1883612 - [RFE] - Needs Dot Bullet to distinguised environment for Composite Content View on Red Hat Satellite Web UI\n1883816 - Appropriate error message to be shown when creating authsource with same name as existing authsource. \n1886780 - [Sat 6.8/UI/Bug] Refresh icon doesn\u0027t go away\n1893059 - Satellite 6.8 Remote Execution fails on RHEL 8.2 clients with DEFAULT:NO-SHA1 crypto policy\n1896628 - Hammer Command Fails to List Job Invocation Details if Organization is Used\n1898656 - [RFE] Include status of REX jobs on the Satellite Dashboard\n1899481 - [RFE] - Tasks: Need Word Wrap for Long Commands\n1902047 - [RFE] In the message \"Repository cannot be deleted since it has already been included in a published Content View\" , include the name of CV and it\u0027s versions\n1902314 - [RFE] Introduce check-only or dry-run feature for any kind of Ansible based job execution from Satellite 6\n1906023 - ssh debug logging on FIPS causes REX job failure with OpenSSL::Digest::DigestError\n1907795 - Remove the MS Windows provisioning Templates from the RedHat Satellite 6\n1910433 - REX is not possible on RHEL 8 when FUTURE crypto policy is set from Satellite 6.8\n1911545 - Epoch version is missing from rpm Packages tab of Content View Version\n1914803 - Some of the \"filters\" permission changed after the upgrade. \n1915394 - [RFE] Adding an option to keep the ansible-runner files on Satellite. \n1919146 - [RFE] Possibility for further tailoring with Compliance Viewer role\n1920579 - The private bookmark status is not reflected correct in satellite GUI and we cannot make a private bookmark public through Red Hat Satellite GUI\n1922872 - Autosearch is not working even if its enabled. \n1923766 - Inconsistent time format on Sync Plans Details page\n1924625 - Sync status showing never synced even though the repositories has been synced successfully\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1927532 - Large CRL file operation causes OOM error in Candlepin\n1931489 - Timeout to kill settings in job execution is not honored when running an Ansible playbook\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1937470 - hammer does not have a compute resource associate VMs command as web UI has\n1940308 - [BUG] The / at the end of proxy url is not being handled by satellite correctly when trying to enable repositories\n1942806 - AttributeError occured when run python 3 bootstrap.py on RHEL9.0 Alpha\n1944802 - [RFE] List of all Enabled Repository of all the content hosts using Reporting Templates. \n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1951626 - Validate Content Sync on bulk product produces error messages\n1955385 - Privilege escalation defined inside ansible playbook tasks is not working when executing the playbook via Remote Execution in Satellite 6\n1957070 - [RFE] add \u0027name\u0027 for the role filter in API\n1957288 - [RFE] Add option in the satellite to upload/sync OVAL defination to evalute the rule (xccdf_org.ssgproject.content_rule_security_patches_up_to_date) when performing Compliance scan on the client registered with the Satellite server. \n1958664 - [RFE]? Replace?bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords?in the Satellite. \n1959691 - [Tuning] Tuning Puma in the predefined tuning profiles\n1960228 - Template is written twice when resolving provisioning templates for a host\n1962307 - CVE-2021-3200 libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c\n1962410 - VMs Migrating are Losing ELS Subscriptions and Repos for RHEL 6\n1962847 - foreman-rake katello:* fails with the error message The Dynflow world was not initialized yet\n1964394 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart\n1965968 - Since Satellite 6.8 it\u0027s not possible to remove subscriptions from \u0027WebUI --\u003e Content --\u003e Subscriptions\u0027 page if the user doesn\u0027t have \u0027Setting\u0027 permissions. \n1967319 - The /api/usergroups/:usergroup_id/external_usergroups API is not accepting 1-group as the name of usergroup\n1968439 - CVE-2021-3584 foreman: Authenticate remote code execution through Sendmail configuration\n1969748 - Hammer documentation for \"hammer organization create --help\" command has unnecessary and repeated description\n1969992 - Exclude pulp-2to3-migration package from Satellite 7.0\n1970482 - Discovery plugin ignores IPv6 when doing reboot/kexec/fetch facts\n1972501 - After promoting the content view, Candlepin failed to mark the entitlement certificates as dirty\n1973146 - [RFE] As a user I want to receive an email notification when a job I triggered fails\n1974225 - Incremental CV update does not auto-publish CCV\n1975321 - select all button selects recommendation for other organizations which fails remediation action(JobInvocation). \n1978323 - [RFE]: Include curve25519sha256 support in Remote Execution\n1978689 - [global registration] [hammer] - No proper alignment in host-registration generate-command -h command\n1979092 - Capsule cname is reported as opposed to hostname\n1979907 - [RFE] IPv6 fact is not being parsed for satellite hosts. \n1980023 - satellite-installer times out during long running SQL DELETE transactions\n1980166 - Too many libvirt connections from Satellite due to ssh connection leaks\n1982970 - Fact updates causing unnecessary compliance recalculation in Candlepin\n1988370 - [RFE] Support Nutanix AHV in the Satellite virt-who plugin\n1992570 - Only Ansible config jobs should run in check mode\n1992624 - Remote Execution fails to honor remote_execution_connect_by_ip override on host\n1992698 - Store certain parts of dynflow data as msgpack\n1994212 - Failed at scanning for repository: undefined method `resolve_substitutions\u0027 for nil:NilClass\n1994237 - Executing any foreman-rake commands shows \u0027ErbParser\u0027 and \u0027RubyParser\u0027 are ignored. \n1994397 - Increased memory usage of pulp-3 workers during repo sync\n1994679 - Host - Last Checkin report template is not showing any other content host apart from Red Hat Satellite itself. \n1996803 - Grammatical errors with Insecure help text at Host Registration\n1997575 - Lifecycle Environment tab flash OSTree \u0026 Docker details for a second then shows actual content path. \n1997818 - \"Login Page Footer Text\" Blocking Login Button on Satellite UI\n1998172 - Puppet classes and environment importer. documentation opens in same tab instead of a new one\n1999604 - Unable to assign ansible roles to a host group via hammer/api with non-admin user\n2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h\n2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h\n2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h\n2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c\n2000769 - pulp3: CV publishes with dependency solving and same source repos for copy are not concurrent\n2002995 - hammer completion not working\n2004016 - httpboot not working on GRUB version provided by RHEL7\n2004158 - Sat 6.9.5: foreman-rake facts:clean aborts due to foreign key in database\n2004234 - [RFE] Email notification after a job template execution completes. \n2004335 - [RFE] API and Hammer functionality for Red Hat Access Insights in satellite 6\n2005072 - CVE-2021-32839 python-sqlparse: ReDoS via regular expression in StripComments filter\n2007655 - Authorization repository causing invalid upstream url\n2008809 - Task is failing but still showing success state\n2009049 - pulp_rpm: Basic-auth repository causing invalid upstream url\n2009398 - hammer host interface update does not update remote execution setting\n2010138 - Satellite doesn\u0027t forward the \"If-Modified-Since\" header for /accessible_content endpoint to Candlepin\n2011062 - cockpit webconsole login fails when remote execution configured for kerberos\n2013495 - CVE-2021-41136 rubygem-puma: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) in puma\n2013503 - CVE-2021-30151 sidekiq: XSS via the queue name of the live-poll feature\n2013837 - Improve REX error reporting when uploading script\n2014037 - There is a new login account in satellite 6.9\n2014244 - Remove Greedy DepSolving from UI\n2014251 - Global Registration: Selecting Satellite URL as the proxy fails to register hosts with default config\n2018263 - Using Satellite with a proxy produces an SELinux alert\n2020329 - [RFE] Switch process output to DB\n2021255 - Satellite schedules one recurring InventorySync::Async::InventoryScheduledSync per org but each task syncs all orgs, resulting in harmless but unnecessary tasks\n2021352 - [RFE] One manifest version to cover all of Satellite 7\n2021406 - syncing tens of repos to capsule can cause deadlock: while updating tuple (...) in relation \"core_content\"\n2021985 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886\n2022648 - please update to Satellite Ansible Collection 3.0.0\n2023809 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column \"subscription_id\" contains null values\n2024269 - Attempt of upgrading Satellite server to 6.7 or 6.8 stops with message \"Please run \u0027foreman-maintain prep-6.10-upgrade\u0027 prior to upgrading.\" when using latest rubygem-foreman_maintain package\n2024553 - Repository sync jobs are failing with the Exception \"NoMethodError undefined method `repository_href\u0027 for nil:NilClass\" post upgrade to satellite version 6.10\n2024889 - Syncing RHEL 5 KS repository fails with: \" Artifact() got an unexpected keyword argument \u0027sha\u0027 \"\n2024894 - Unable to sync EPEL repositories on Satellite 6.10 when \u0027Mirror on Sync\u0027 is enabled\n2024963 - Syncing EPEL repos on Satellite 6.10 fails with: \"Incoming and existing advisories have the same id but different timestamps and non-intersecting package lists..\"\n2024978 - Satellite upgrade to 6.10.1 fails with multiple rubygem-sinatra package dependency errors\n2024986 - CV publish fails with: No route matches {:action=\u003e\"show\", :controller=\u003e\"foreman_tasks/tasks\", :id=\u003enil}, missing required keys: [:id] (ActionController::UrlGenerationError)\n2025049 - Executing remove-pulp2 after a successful Satellite 6.10 upgrade breaks synchronizations and repositories. \n2025437 - New OS created due to facts mismatch for operatingsystem for RHSM, Puppet and Ansible\n2025494 - Capsule sync task failed to refresh repo that doesn\u0027t have feed url with \"bad argument (expected URI object or URI string)\" error\n2025523 - Ansible roles are not starting automatically after provisioning\n2025760 - installer does not restart foreman.service when changing puma configuration\n2025811 - Upgrading to Satellite 6.9.6 and above introduces an increase in system memory consumption causing Pulp activities to fail with OOM at certain times\n2026239 - Config report upload failed with \"No smart proxy server found on [\"capsule.example.com\"] and is not in trusted_hosts\"\n2026277 - null value in column \"manifest_id\" violates not-null constraint error while syncing RHOSP container images\n2026415 - RFE: Add command for upgrading foreman-maintain to next major version\n2026658 - Fix name \u0026 path to OS host_init_config template\n2026718 - XCCDF Profile in Tailoring File selecting the first id not the selected id\n2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA\n2027052 - The redhat.satellite.foreman plugin is unable to collect all facts for the target systems as expected when using default api\n2027968 - A failed CV promote during publish or repo sync causes ISE\n2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths\n2028205 - db:seed can fail when there are host mismatches\n2028273 - Cannot pull container content - TypeError: wrong argument type String (expected OpenSSL/X509)\n2028377 - [RFE] add option to export and import just repository for hammer content-export\n2028446 - Pulp: Add options to change the import and export path in /etc/pulp/settings.py\n2028733 - katello-change-hostname fails to perform changes, leaving the system in an unusable state\n2029192 - Applying errata from the errata\u0027s page always tries to use katello-agent even when remote_execution_by_default set to true\n2029375 - webhook event \"build_exited\" never gets triggered\n2029385 - selinux denials when accessing /etc/pulp/certs/database_fields.symmetric.key\n2029548 - Excluding system facts logs as WARN causing log files to increase dramatically\n2029760 - Scenarios for Satellite and Capsule 7.0\n2029807 - foreman-maintain service fails for external postgres service, when no psql utility installed\n2029828 - TFTP Storage check fails on undefined method `[]\u0027 for nil:NilClass\n2029829 - change hostname tries to unconditionally restart puppetserver\n2029914 - FIPS enabled RHEL7 server: Candlepin services not running after installation\n2030101 - No longer be able to import content into disconnected Satellite for existing content views\n2030273 - The tasks generated by task export in html format are not sorted by date\n2030434 - Repository sync download all metadata files on every sync, even when there is no new packages\n2030460 - Need a way to sync from a specific content view lifecycle environment of the upstream organization\n2030715 - hammer content-[import,export] uses /tmp directory for temporary decompression location\n2031154 - After upgrading to Satellite 6.10, Repository sync randomly fails if a ReservedResource exists in core_taskreservedresource table of pulpcore DB. \n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2032098 - Incremental publish content view doesn\u0027t copy any contents\n2032400 - Remove warning from reports page in 7.0\n2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through\n2032602 - Content not accessible after importing\n2032928 - Puppet disable command fails\n2032956 - Cannot create bookmark for credentials search\n2033174 - Large repo sync failed with \"Katello::Errors::Pulp3Error: Response payload is not completed\"\n2033201 - Button to assign roles on Host details page missing\n2033217 - \"Cannot find rabl template \u0027api/v2/override_values/index\u0027\" error while trying to import Ansible variables using hammer CLI. \n2033336 - Add \u0027service restart\u0027 step in purge-puppet command\n2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file\n2033593 - fact_values api performance issues when loading a large number of facts\n2033847 - Content view export failed with undefined method `first\u0027 for nil:NilClass\n2033853 - Publish content view failed with \"PulpRpmClient::ApiError Error message: the server returns an error\"\n2033940 - Error: AttributeError: \u0027NoneType\u0027 object has no attribute \u0027cast\u0027 thrown while listing repository versions\n2034317 - hammer repository upload-content with large file gives \"Too many open files\" error\n2034346 - CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin\n2034461 - Capsule failed to sync empty repositories\n2034552 - Puppet disable command fails on Capsule\n2034635 - New hosts UI, removal of Share your feedback link\n2034643 - New hosts UI, when navigated back to host detail from jobs detail, old ui is shown instead of new\n2034649 - New hosts UI, missing Ansible cards\n2034659 - OSTree repository update error: `excludes` is not a valid attribute in `PulpOstreeClient::OstreeOstreeRemote`\n2035195 - command \"hammer full-help\" gives error \"Error: uninitialized constant HammerCLIForeman::CommandExtensions::PuppetEnvironment\"\n2035204 - Tags need to be truncated in rh_cloud report\n2035480 - In Satellite upgrade, yum update failed to resolve the \"createrepo_c-libs\" dependency\n2035907 - Ansible config report time is one hour off\n2036054 - [Custom Certs] - Failed to install the custom certs on the Satellite 7.0.0 works fine in 6.10\n2036187 - self-upgrade fails with x.y should be greater than existing version x.y.z!\n2036381 - Applying exclude filter on a CV containing kickstart repos causes missing package groups\n2036628 - Rex job fails Error loading data from Capsule: NoMethodError - undefined method `each\u0027 for nil:NilClass\n2036721 - Satellite is creating the schedule on the wrong day of the week (day+1)\n2037024 - CVE-2021-45115 django: Denial-of-service possibility in UserAttributeSimilarityValidator\n2037025 - CVE-2021-45116 django: Potential information disclosure in dictsort template filter\n2037028 - CVE-2021-45452 django: Potential directory-traversal via Storage.save()\n2037180 - Failed to docker pull image with \"Error: image \u003cimage name\u003e not found\" error\n2037275 - Cockpit integration always fails with authentication error\n2037508 - upload-content results in wrong RPM being added to product\n2037518 - The RSS channel is set to the upstream URL\n2037520 - Bootdisk new host page menu items are missing\n2037648 - upgrade check checking group ownership of /var/lib/pulp (pulp2) instead of /var/lib/pulp/content (pulp3)\n2037706 - Rex job fails: undefined method `join\u0027 for \"RHSA-2012:0055\":String\n2037773 - The new host detail page should be enabled by default without the experimental warning\n2038042 - Ansible Jobs are halting at status running\n2038192 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\\puppet type repos\n2038241 - ERROR: at least one Erratum record has migrated_pulp3_href NULL value\n2038388 - Activation key issue with custom products on RHEL 6\n2038432 - Error when importing content and same package belongs to multiple repositories\n2038849 - repositories-setup procedure failing with \"undefined method `map\u0027 for \"*\":String\"\n2039289 - Installing Satellite7, satellite-installer runs redundant upgrade steps\n2039696 - Puppet-related hammer commands still missing after plugin enabled\n2040406 - Incorrect layout of new host details overview cards\n2040447 - [RFE] Katello host detail tabs should accept URL params for search\n2040453 - Limited CV docker tags cannot be pulled after syncing library repo with \"limit sync tags\"\n2040596 - undefined method `name\u0027 for \"\":String\" on \"All Hosts\" page\n2040650 - Upgrade or offline backup fails on RHEL8 due to missing iptables command\n2040773 - Updating repo with GPG key ID fails\n2040796 - Grammar error on SyncPlan Details tab\n2040870 - Error to import rhel7 kickstart on disconnected satellite\n2041457 - Change ks= to inst.ks= and sendmac for RHEL 9 Beta\n2041497 - Incremental CV update fails with 400 HTTP error\n2041508 - Publication creation (during migration to pulp3 as well) can fail if /var/lib/pulp is NFS share\n2041551 - Puppet enable fails on RHEL8 due to missing package(s)\n2041588 - [RFE] Add Type to cdn configuration for \u0027disconnected\u0027 mode\n2041701 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product\n2042416 - Unclickable Class names in Configure \u003e Puppet classes\n2042480 - Configure Cloud Connector fails after hostname change; potentially hits all templates\n2042848 - Package list of repository is empty page\n2042861 - [Recurring Logic]logging for recurring logic should be more verbose\n2043081 - 406 error appears when running insights-client --compliance\n2043097 - sql dump of dynflow data is encoded, what breaks sosreport\n2043144 - After upgrading to 6.10, Satellite fails to sync some repositories with large files with timeout error\n2043248 - Importing content fails if an importer with same name already exists\n2043501 - Satellite upgrade fails during db:seed with ActiveRecord::RecordNotDestroyed: Failed to destroy the record\n2043609 - pulpcore-workers grow very large when repositories have many changelog entries\n2043726 - content views configured as \"import only\" generate 404 errors during capsule sync\n2044581 - CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph\n2044606 - New version of Candlepin now has org in entitlement certificate and causes authorization issues\n2044631 - duplicate key value violates unique constraint \"core_repositorycontent_repository_id_content_id_df902e11_uniq\"\n2044839 - SSH Remote execution does not reap processes when closing multiplexed ssh connection\n2045504 - Show all provisioning templates by default\n2045854 - organization context fails to change in web UI\n2046281 - usability issues for user without execute_jobs_on_infrastructure_hosts permissions\n2046307 - New host details Errata overview card shows stale data for unregistered host\n2046322 - Manager role does contain the execute_jobs_on_infrastructure_hosts permission\n2046328 - Custom yum CV does not show correct list of packages\n2046337 - Certain manifest, subscription and repository related actions are broken while using HTTP Proxy as content_default_http_proxy in Satellite 6.10\n2046484 - RPM exclude filter does not work in web UI\n2046573 - update puppet classes via API to empty puppet classes does not update the classes\n2047285 - [RFE] enable redis cache for pulp content server by default\n2047443 - Unable to Import any content via Import/Export\n2047451 - [RFE] [SAT-4229] Packages - Filter by status\n2047485 - syncing repo using proxy can generate misleading log entries when proxy deny access to the url requested\n2047649 - please update to Satellite Ansible Collection 3.1.0\n2047675 - Getting \"404 not found\" when publishing a content view\n2047683 - Force cancel a paused task doesn\u0027t release the lock\n2048470 - Leapp upgrade fails after reboot with disabled postgresql redis tomcat services\n2048517 - service stop tries to execute CheckTftpStorage\n2048560 - REX doesn\u0027t honor effective_user when async_ssh is true\n2048775 - CVE-2022-22818 django: Possible XSS via \u0027{% debug %}\u0027 template tag\n2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads\n2048913 - \"foreman-maintain health check --label check-hotfix-installed\" fails with error \"undefined method `[]\u0027 for nil:NilClass\"\n2048927 - Satellite 6.10 clone is looking for mongo_data.tar.gz file\n2048986 - \"foreman-maintain health check --label validate-yum-config\" command failed with message \"clean_requirements_on_remove=True Unset this configuration as it is risky while yum update or upgrade!\"\n2049143 - Unable to run Convert2RHEL role on the host\n2049304 - katello-rhsm-consumer script subscription-manager version detection depends on subscription-manager rpm being installed\n2049799 - Incremental update with --propagate-all-composites makes new CVV but with no new content\n2049913 - Repo filtering shows all products and repos in different organizations\n2050100 - Module streams enabled by default are gone when CV starts using filters\n2050297 - Modifying \u0027Capsule tasks batch size for Ansible\u0027 causes subsequent Ansible jobs to hit TypeError\n2050323 - Misleading error message when incorrect org label is entered\n2050440 - pulp workers are idle despite there is one pending task\n2051374 - wrong sinatra obsoletes makes Satellite uninstallable\n2051408 - IP obfuscation algorithm can generate invalid IPs\n2051468 - Active directory users taking too much time to login when its part of many groups. \n2051522 - pulpcore_t and pulpcore_server_t domains are prevented to access httpd_config_t files\n2051543 - smart_proxy_remote_execution_ssh leaves zombie ssh processes around\n2051912 - Some of the services failed to start after satellite restore\n2052048 - Repeated Ansible Role run scheduling adds extra time to specified start date\n2052088 - Satellite-installer does not ensure proper permissions on /etc/foreman-proxy/ssl_ca.pem at every run\n2052420 - Satellite upgrade fails during db:migrate with PG::DuplicateTable: ERROR: relation \"index_hostgroups_puppetclasses_on_hostgroup_id\" already exists\n2052493 - restore on another machine fails with ERROR: web server\u0027s SSL certificate generation/signing failed\n2052506 - \"foreman-maintain health check --label check-hotfix-installed\" does not display the modified files in command stdout. \n2052524 - rubygem-sinatra el8 rpm should keep the epoch number\n2052815 - dynflow fails with \"403 extra bytes after the deserialized object\"\n2052958 - Job invocation fails for errata installation. \n2053329 - content-view import fails with Error: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255)\n2053395 - Satellite upgrade failed with error \"Couldn\u0027t connect to the server: undefined method `to_sym\u0027 for nil:NilClass\"\n2053478 - Uploading external DISA SCAP content to satellite 6.10 fails with exception \"Invalid SCAP file type\"\n2053601 - Errata icons are the wrong colors\n2053839 - Deletion of Custom repo fails with error \"uninitialized constant Actions::Foreman::Exception\" in Satellite 7.0\n2053843 - hammer shell with redirected input prints stty error on RHEL8\n2053872 - Changing Upstream URL of a custom repo in WebUI raises error \"Upstream password requires upstream username be set.\"\n2053876 - Multiple instances of scheduled tasks of more types\n2053884 - Host detail UI setting is not honored when returning to the host page after canceling an Edit action\n2053923 - InsightsScheduledSync raises exception when allow_auto_insights_sync is false\n2053928 - Satellite UI suddenly shows \"Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors\" for a capsule even if there are no connectivity issue present in Satellite\\Capsule 7.0\n2053956 - Installing Satellite 7.0 on FIPS enabled RHEL 8.5 fails on \"katello-ssl-tool --gen-ca\" step with error \"ERROR: Certificate Authority private SSL key generation failed\"\n2053970 - Upgrade to Red Hat Satellite 7.0 fails at db:migrate step with error \"undefined local variable or method `type\u0027 for #\u003cKatello::CdnConfiguration:0x00000000153c6198\u003e\"\n2053996 - ReclaimSpace does not acquire repo lock so it can be run concurrently with the repo sync\n2053997 - hammer lacks command \"repository reclaim-space\"\n2054008 - Retain packages on Repository does not synchronize the specified number of packages on Satellite 7\n2054121 - API and WebUI must disallow repo create with negative Retain package versions count\n2054123 - hammer repository create ignores --retain-package-versions-count option\n2054165 - After satellite-change-hostname, foreman tasks acquired lock error still refers to URL of old hostname\n2054174 - Repo discovery feature cannot discover yum repositories because \u0027Content Default HTTP Proxy\u0027 is not used to connect to the upstream URL in Satellite 7.0\n2054182 - remove pulp2 automatically on upgrade to 6.11 (If the user hasn\u0027t already done it)\n2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests\n2054340 - [SAT-4229] Module streams - basic table\n2054758 - Satellite 6.10 clone is failing with user pulp doesn\u0027t exist\n2054849 - CDN loading error for non-admin user and non-default org\n2054971 - Enable registration by default\n2055159 - Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0\n2055312 - Enabling ISO type repository fails with PG::NotNullViolation: ERROR\n2055329 - Cannot import a cv\n2055495 - If Kickstart 7.X repos are being synced to Capsule 7.0 then Pulp 3 tries to sync a non-existant HighAvailability and ResilientStorage repo as well and gets 404 fnot found\n2055513 - Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0\n2055570 - Add check for LCE and CV presence in upstream server for disconnected Satellite\n2055808 - Upgrading the Satellite 7.0 from Snap 8 to Snap 9 , sets the CDN configuration for all Organizations in airgapped mode\n2055951 - Index content is creating duplicated errata in \"katello_erratum\" table after upgrading to Satellite 6.10\n2056167 - [RFE] Create new content view should redirect to \"Repositories\" and not \"Versions\" tab\n2056171 - [RFE] Publish new version should redirect to \"Version\" tab\n2056172 - [RFE] Add repositories button should highlight in Content view\n2056173 - [RFE] Content view filter doesn\u0027t shows \"Start Date\" \u0026 \"End Date\" tags to confirm the correct user inputs. \n2056177 - [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file\n2056178 - [RFE] Add RHEL-8 EUS repositories under recommended repositories\n2056183 - Content view filter should suggest architectures parameters in RPM rule\n2056186 - After enabling the Red Hat web console feature in Satellite 7.0, the redesigned Host page does not offers any option to connect to the Web\\Cockpit Console of the client system\n2056189 - Remove RHEL 7 EUS repository from the Recommended Repositories list\n2056198 - [RFE] \"Add Content Views\" button should highlight in Composite Content view\n2056202 - [RFE] Promote button should be displayed in the Content view version\n2056237 - [Bug] Satellite Administration Documentation is missing\n2056469 - Not possible to set hostgroup parameter during hostgroup creation\n2056657 - Add deprecation banners for traditional (non-SCA) subscription management\n2056966 - Part of REX job fails if multiple capsules are used for the job\n2057178 - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function\n2057309 - Latest Hardware version for VMware vSphere 7.0U3 is not available on Satellite 7\n2057416 - rubygem-rack is obsoleted without epoch\n2057605 - foreman.rpm pulls in nodejs\n2057632 - Creating repo fails if there\u0027s a validation error in the first save. \n2057658 - Update pulp-rpm to 3.17\n2057782 - Limit sync tags parameter is displayed twice on the repositories detail page\n2057848 - Inclusion of tags in limit sync tags parameter is not white listing the tags to sync\n2058397 - Ensure pulp-rpm 3.17 is built for Satellite 6.11\n2058532 - certs-regenerate breaks qpidd certificates, resulting in qpidd start-up failures: Couldn\u0027t find any network address to listen to\n2058649 - Unable to set or unset \"Discovery location\" settings from UI of Satellite 7.0 but the same is partly feasible via hammer_cli. \n2058711 - Ostree type is missing during repo creation. \n2058844 - The foreman-protector plugin does not works for Satellite 6.11 if the OS is RHEL 8\n2058863 - Everytime a host build is being submitted that somehow generates a huge traceback with error \"undefined method `insights\u0027 for nil:NilClass\" in Satellite 7.0\n2058867 - The insights registration steps happens during host build even if the host_registration_insights parameter is set to false in Satellite 7.0\n2058894 - Server fingerprints not managed properly\n2058905 - Content Import does not delete version on failure\n2058984 - The Satellite 7.0 beta offers the download capability of both Host and Full Host image via UI where as the support for Host image was already removed in Satellite 6.10\n2059576 - non admin user with host_view permission is unable to look at old host details ui\n2059985 - please update to Satellite Ansible Collection 3.3.0\n2060097 - [RFE] ouia-ID for content view table\n2060396 - satellite-maintain self-upgrade passes even if the next major version maintenance repository isn\u0027t available\n2060512 - Update terminology for ISS\n2060546 - Leapp-upgrade package installation failing with dependency on sat 7.0\n2060885 - Update foreman-ansible package to 7.0.3\n2061688 - old rubygems (from 6.7 and older) installed and prevent EL7 to EL8 upgrade\n2061749 - Templates sync with git on RHEL8 is causing SElinux error\n2061773 - Settings defined by DSL are not properly encrypted\n2061970 - Mirror on sync still shows up in \u0027hammer repository info\u0027, while mirroring policy does not\n2062189 - satellite-installer gets failed with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error. \n2062476 - GPG shows blank on repo details page render, but is correct when selecting the dropdown\n2063149 - CVE-2022-23633 rubygem-actionpack: information leak between requests\n2063190 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error \"undefined method operatingsystems\u0027 for nil:NilClass\" during the db:migrate step\n2063575 - [RFE] - add ouia-ID for buttons on a cv\n2063910 - LEAPP upgrade fails with [Errno 2] No such file or directory: \u0027/var/lib/leapp/scratch/mounts/root_/system_overlay/etc/pki/pulp/content/pulp-global-repo.ca\u0027\n2064400 - Migration of encrypted fields between 3.14 and 3.16 is broken for some remotes\n2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors\n2064434 - Repository set not showing repos after importing library and creating an ak in a disconnected satellite\n2064583 - High memory usage of foreman-proxy during a scaled bulk REX job\n2064707 - bootstrap.py can\u0027t reach the API via the capsule\n2064793 - Remotes should have username and password cleared out if a user sets them to be blank\n2065015 - \"Sync Connect Timeout\" settings takes invalid value and shows update successful but doesn\u0027t reflect the change for invalid values\n2065027 - Job invocation installs all the installable errata if incorrect `Job Template` is used. \n2065391 - LCE and content view label resets when trying to delete the field names in \"Upstream Foreman Server\" tab\n2065448 - [RFE] - add ouia-ID prop to update buttons in CDN configuration\n2065450 - [RFE] - add ouia-ID prop to all fields in CDN configuration\n2066408 - REX SSH Key works for SSH but fails for REX on RHEL 8.5 Host\n2066899 - After IP change on Tues Mar 22 Satellite manifest tasks fail with \u0027could not initialize proxy [org.candlepin.model.UpstreamConsumer#XXXXX] - no Session\u0027\n2067301 - hammer content-import fails with error Export version 3.14.9 of pulpcore does not match installed version 3.14.12 if the z-stream versions are different for the connected and disconnected satellite 6.10\n2067331 - Upgrade to Satellite 6.9 and 6.10 fails with error \"ActiveRecord::RecordInvalid: Validation failed: Remote execution features is invalid\" during db:seed stage\n2069135 - After restore from 6.10.2 (and older) backup to 6.10.3 candlepin is broken\n2069248 - documentation links in 6.11 navigate to 7.0 instead of 6.11\n2069381 - new host ui, do not navigate to task, instead navigate to job\n2069456 - new host ui details,ansible roles, bug when all ansible roles are assigned\n2069459 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unasigned automatically\n2069640 - insights total risk chart network errors in new host page\u0027s overview tab\n2070176 - Clicking on \"Select recommendations from all pages\" of host details page(insights tab) selects insights recommendations of other hosts as well. \n2070177 - De-duplicate errata migration doesn\u0027t delete child records\n2070242 - The satellite-maintain change with respect to 6.11 version shift\n2070272 - Sync Status page does not show syncing progress bar under \"Result\" column when syncing a repo\n2070620 - After upgrading to 6.11 ping check fails with \"Some components are failing: katello_agent\"\n2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()\n2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL\n2072530 - Improvements on foreman-maintain\u0027s self-upgrade mechanism\n2073039 - LEAPP upgrade enables wrong repositories for capsules\n2073124 - HTTP responses include incorrect ETag value\n2073194 - Filter API/ UI doesn\u0027t return errata, package group, module stream filter rules if repository has been removed from CV\n2073307 - \"Selected scenario is DISABLED\" errors when trying to upgrade installer packages\n2073313 - \"Publish\" action in the drop down doesn\u0027t work\n2073421 - The new host page should be disabled by default\n2073468 - Bootdisk Provisioning Templates are missing description\n2073469 - Discovery kexec Provisioning Template is missing description\n2073470 - \"Kickstart default user data\" Provisioning Template contains doubled description key\n2075434 - bootstrap.py fails if puppet is not enabled in Satellite\n2075519 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table \"katello_errata\" violates foreign key constraint \"katello_content_facet_errata_errata_id\"\n2075528 - OS upgrade keeps original TFTP setup preventing machines to boot from the network\n2076372 - Address VCR test changes in pulp_rpm_client 3.17.5\n2076684 - NullPointerException during manifest refresh\n2076987 - After upgrade any foreman-rake command shows \u0027ErbParser\u0027 and \u0027RubyParser\u0027 are ignored. \n2077850 - Puppet purge fails on an upgraded Satellite\n2078983 - Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4. \n2079357 - foreman-maintain maintenance-mode status command fails with `undefined method `maintenance_mode_status?\u0027 for nil:NilClass`\n2080909 - The satellite-maintain self-upgrade does not disable the non RHSM repository if it was not enabled on system\n2081280 - Bootdisks are left in privatetmp of httpd\n2081459 - Omit python*-pulp-ostree packages\n2082076 - Settings - Like operator for name\n2082241 - hammer host-collection create fails with \"Too many arguments\" when setting unlimited-hosts\n2082505 - Omit python*-pulp-python packages\n2082560 - satellite-clone missed version rename 7.0 to 6.11\n2083532 - PG::ForeignKeyViolation: ERROR: update or delete on table \"katello_erratum_packages\" violates foreign key constraint \"katello_msep_erratum_package_id_fk\" on table \"katello_module_stream_erratum_packages\"\n2084106 - satellite-change-hostname on capsule runs deprecated capsule-installer\n2084624 - Unable to install 6.11 with ansible-core 2.12\n2085446 - LEAPP preupgrade --target 8.6 fails to resolve conflicts for rubygem-openscap\n2085528 - Change \"Component content view\" to \"Content view\"\n2086101 - rhel8 repos are missing python2-qpid, making qpid-tools and thus the katello-agent support unavailable\n2086683 - Actions::Candlepin::Owner::Import failing with \"Entity version collision detected\"\n2086948 - Remove 6.11 beta branding\n2087727 - Upgrade to Satellite 6.10.5.1 fails with error message \"PG::NotNullViolation: ERROR: null value in column \"erratum_package_id\" violates not-null constraint\"\n2089361 - satellite-clone is broken on RHEL8.6\n2089794 - Insights recommendations get halted with error undefined method `id\u0027 for nil:NilClass\n2089796 - Absence of Package redhat-access-insights-puppet.noarch in rhel 8 sat/capsule\n2089812 - Need to list Satellite Utils and Puppet agent repositories on Recommended Repositories page for Sat 6.11\n2089928 - Dependency Issue when attempting to enable Satellite Infoblox DNS and DHCP plugins on RHEL 8\n2090740 - Update links for the new puppet documentation\n2090820 - satellite upgrade to 6.11 fails in installer with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup\n2093679 - satellite-installer --enable-foreman-proxy-plugin-shellhooks fails with error Error: Unable to find a match: rubygem-smart_proxy_shellhooks in Red Hat Satellite 6.11\n2094255 - Configure Cloud Connector runs against an old hostname after a hostname change\n2094280 - rhc_instance_id is not being set correctly by configure cloud connector playbook. \n2094454 - Error \"missing keywords: :arch, :major, :minor\" on CDN configuration\n2095598 - The completion of a remediation playbook should indicate success or failure combined for all hosts in the run\n2095599 - Satellite yggdrasil-forwarder-worker does not send proper lowercase JSON to RHC API\n2096198 - Too many connection issue occurring for on-demand content sync\n2096921 - \"Reconfigure Cloud Connector\" job fails on upgraded Satellite configured with fifi/receptor. \n\n6. Package List:\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm\nansible-runner-1.4.7-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.src.rpm\ncandlepin-4.1.13-1.el7sat.src.rpm\ncreaterepo_c-0.20.0-1.el7pc.src.rpm\ndynflow-utils-1.6.3-1.el7sat.src.rpm\nforeman-3.1.1.21-2.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.8.2-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm\nforeman-installer-3.1.2.6-1.el7sat.src.rpm\nforeman-proxy-3.1.1.1-1.el7sat.src.rpm\nforeman-selinux-3.1.2.1-1.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-4.3.0-3.el7sat.src.rpm\nkatello-certs-tools-2.9.0-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.src.rpm\nkatello-selinux-4.0.2-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-2.el7sat.src.rpm\nlibcomps-0.1.18-1.el7pc.src.rpm\nlibmodulemd2-2.9.3-1.el7pc.src.rpm\nlibsodium-1.0.17-3.el7sat.src.rpm\nlibsolv-0.7.22-1.el7pc.src.rpm\nlibsolv0-0.6.34-4.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulpcore-selinux-1.3.0-1.el7pc.src.rpm\npuppet-agent-7.12.1-1.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.src.rpm\npuppetserver-7.4.2-1.el7sat.src.rpm\npython-daemon-2.1.2-7.2.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.7.2-2.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.src.rpm\nqpid-cpp-1.36.0-32.el7_9amq.src.rpm\nqpid-dispatch-1.14.0-1.el7_9.src.rpm\nqpid-proton-0.33.0-6.el7_9.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\nsatellite-installer-6.11.0.7-1.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-pulpcore-1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm\ntfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm\ntfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm\ntfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm\ntfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm\ntfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm\ntfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm\ntfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm\ntfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm\ntfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm\ntfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm\ntfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm\ntfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm\ntfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm\ntfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm\ntfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm\ntfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm\ntfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm\ntfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm\ntfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm\ntfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm\ntfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm\ntfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm\ntfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm\ntfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm\ntfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm\ntfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm\ntfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm\ntfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm\ntfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm\ntfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm\ntfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm\ntfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm\ntfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm\ntfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm\ntfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm\ntfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm\ntfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm\ntfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm\ntfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm\ntfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm\ntfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm\ntfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm\ntfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm\ntfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm\ntfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm\ntfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm\ntfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm\ntfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm\ntfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm\ntfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm\ntfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm\ntfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm\ntfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm\ntfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm\ntfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm\ntfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm\ntfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm\ntfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm\ntfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm\ntfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm\ntfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm\ntfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm\ntfm-rubygem-actioncable-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-acts_as_list-1.0.3-2.el7sat.src.rpm\ntfm-rubygem-addressable-2.8.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-2.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-23.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-4.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-4.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-4.1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-2.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-2.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-5.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-5.el7sat.src.rpm\ntfm-rubygem-colorize-0.8.1-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-3.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-2.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-5.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.1.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-5.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-3.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-3.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-3.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.1.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-2.el7sat.src.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-5.el7sat.src.rpm\ntfm-rubygem-facter-4.0.51-2.el7sat.src.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-2.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-4.el7sat.src.rpm\ntfm-rubygem-fog-google-1.11.0-2.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-4.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.9.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-4.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.5.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-9.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-5.2.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-19.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.17-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.9-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-5.1.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_puppet-2.0.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.1.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.src.rpm\ntfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-13.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-2.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-2.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-2.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.33.2-2.el7sat.src.rpm\ntfm-rubygem-google-cloud-env-1.3.3-2.el7sat.src.rpm\ntfm-rubygem-googleauth-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-3.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-3.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-hocon-1.3.1-2.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-4.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-2.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-13.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-13.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm\ntfm-rubygem-katello-4.3.0.42-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-2.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-2.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-2.el7sat.src.rpm\ntfm-rubygem-marcel-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-3.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-3.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.6-1.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.src.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.17.0-2.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-5.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-5.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm\ntfm-rubygem-net_http_unix-0.2.2-2.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.4-2.1.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-3.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.src.rpm\ntfm-rubygem-parallel-1.19.1-2.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-5.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-4.1.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.1.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-3.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-3.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-3.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-2.9.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.10.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.src.rpm\ntfm-rubygem-pulp_python_client-3.5.2-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.16.7-1.el7sat.src.rpm\ntfm-rubygem-puma-5.6.2-1.el7sat.src.rpm\ntfm-rubygem-puma-status-1.3-1.el7sat.src.rpm\ntfm-rubygem-qpid_proton-0.33.0-5.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-5.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-2.el7sat.src.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-3.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-10.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-5.el7sat.src.rpm\ntfm-rubygem-rails-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-3.el7sat.src.rpm\ntfm-rubygem-railties-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.2-1.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-4.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-4.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-redis-4.5.1-1.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-3.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-4.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-3.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-22.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-4.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.1-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.6-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-2.el7sat.src.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-3.el7sat.src.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-7.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.10-1.el7sat.src.rpm\ntfm-rubygem-signet-0.14.0-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-sprockets-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-7.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-2.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-6.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-2.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-2.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-3.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-2.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-4.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-2.el7sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm\nansible-runner-1.4.7-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm\ncandlepin-4.1.13-1.el7sat.noarch.rpm\ncandlepin-selinux-4.1.13-1.el7sat.noarch.rpm\nforeman-3.1.1.21-2.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-3.1.1.21-2.el7sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el7sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-3.1.1.21-2.el7sat.noarch.rpm\nforeman-ec2-3.1.1.21-2.el7sat.noarch.rpm\nforeman-gce-3.1.1.21-2.el7sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el7sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm\nforeman-journald-3.1.1.21-2.el7sat.noarch.rpm\nforeman-libvirt-3.1.1.21-2.el7sat.noarch.rpm\nforeman-openstack-3.1.1.21-2.el7sat.noarch.rpm\nforeman-ovirt-3.1.1.21-2.el7sat.noarch.rpm\nforeman-postgresql-3.1.1.21-2.el7sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm\nforeman-selinux-3.1.2.1-1.el7sat.noarch.rpm\nforeman-service-3.1.1.21-2.el7sat.noarch.rpm\nforeman-telemetry-3.1.1.21-2.el7sat.noarch.rpm\nforeman-vmware-3.1.1.21-2.el7sat.noarch.rpm\nkatello-4.3.0-3.el7sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm\nkatello-common-4.3.0-3.el7sat.noarch.rpm\nkatello-debug-4.3.0-3.el7sat.noarch.rpm\nkatello-selinux-4.0.2-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm\npuppetserver-7.4.2-1.el7sat.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython2-ansible-runner-1.4.7-1.el7ar.noarch.rpm\npython2-daemon-2.1.2-7.2.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\nqpid-dispatch-tools-1.14.0-1.el7_9.noarch.rpm\nqpid-tools-1.36.0-32.el7_9amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-6.11.0-2.el7sat.noarch.rpm\nsatellite-cli-6.11.0-2.el7sat.noarch.rpm\nsatellite-common-6.11.0-2.el7sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\ntfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm\ntfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm\ntfm-rubygem-actioncable-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-acts_as_list-1.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-2.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-23.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-4.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-4.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-2.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-5.el7sat.noarch.rpm\ntfm-rubygem-colorize-0.8.1-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-3.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-2.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.1.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-5.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-3.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-3.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.1.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-2.el7sat.noarch.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-5.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-2.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.11.0-2.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-4.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-9.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-5.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-19.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.17-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-5.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_puppet-2.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-5.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-13.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-2.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.33.2-2.el7sat.noarch.rpm\ntfm-rubygem-google-cloud-env-1.3.3-2.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-3.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-hocon-1.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-4.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-2.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-13.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-13.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-katello-4.3.0.42-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-marcel-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-3.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-3.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.6-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.17.0-2.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-net_http_unix-0.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.noarch.rpm\ntfm-rubygem-parallel-1.19.1-2.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-5.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.1.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-3.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-3.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-2.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.10.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.noarch.rpm\ntfm-rubygem-pulp_python_client-3.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.16.7-1.el7sat.noarch.rpm\ntfm-rubygem-puma-status-1.3-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-5.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-10.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-5.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-4.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-redis-4.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-3.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-22.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-4.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.6-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-2.el7sat.noarch.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-7.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.10-1.el7sat.noarch.rpm\ntfm-rubygem-signet-0.14.0-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-sprockets-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-7.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-5.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-2.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-6.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-2.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-2.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-2.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el7pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibcomps-0.1.18-1.el7pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm\nlibmodulemd2-2.9.3-1.el7pc.x86_64.rpm\nlibmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm\nlibsodium-1.0.17-3.el7sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm\nlibsolv-0.7.22-1.el7pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm\nlibsolv0-0.6.34-4.el7sat.x86_64.rpm\nlibsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm\npuppet-agent-7.12.1-1.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.33.0-6.el7_9.x86_64.rpm\npython-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-psutil-5.7.2-2.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm\nqpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm\nqpid-proton-c-0.33.0-6.el7_9.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm\nqpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm\ntfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-4.1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-4.1.el7sat.x86_64.rpm\ntfm-rubygem-facter-4.0.51-2.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.4-2.1.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.4-2.1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-puma-5.6.2-1.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-5.6.2-1.el7sat.x86_64.rpm\ntfm-rubygem-qpid_proton-0.33.0-5.el7sat.x86_64.rpm\ntfm-rubygem-qpid_proton-debuginfo-0.33.0-5.el7sat.x86_64.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm\nansible-runner-1.4.7-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.src.rpm\ncreaterepo_c-0.20.0-1.el7pc.src.rpm\ndynflow-utils-1.6.3-1.el7sat.src.rpm\nforeman-3.1.1.21-2.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.8.2-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm\nforeman-installer-3.1.2.6-1.el7sat.src.rpm\nforeman-proxy-3.1.1.1-1.el7sat.src.rpm\nforeman-selinux-3.1.2.1-1.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-4.3.0-3.el7sat.src.rpm\nkatello-certs-tools-2.9.0-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.src.rpm\nlibcomps-0.1.18-1.el7pc.src.rpm\nlibmodulemd2-2.9.3-1.el7pc.src.rpm\nlibsodium-1.0.17-3.el7sat.src.rpm\nlibsolv-0.7.22-1.el7pc.src.rpm\nlibsolv0-0.6.34-4.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\npulpcore-selinux-1.3.0-1.el7pc.src.rpm\npuppet-agent-7.12.1-1.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.src.rpm\npuppetserver-7.4.2-1.el7sat.src.rpm\npython-daemon-2.1.2-7.2.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.7.2-2.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.src.rpm\nqpid-cpp-1.36.0-32.el7_9amq.src.rpm\nqpid-dispatch-1.14.0-1.el7_9.src.rpm\nqpid-proton-0.33.0-6.el7_9.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\nsatellite-installer-6.11.0.7-1.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-pulpcore-1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm\ntfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm\ntfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm\ntfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm\ntfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm\ntfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm\ntfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm\ntfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm\ntfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm\ntfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm\ntfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm\ntfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm\ntfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm\ntfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm\ntfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm\ntfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm\ntfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm\ntfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm\ntfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm\ntfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm\ntfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm\ntfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm\ntfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm\ntfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm\ntfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm\ntfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm\ntfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm\ntfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm\ntfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm\ntfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm\ntfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm\ntfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm\ntfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm\ntfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm\ntfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm\ntfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm\ntfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm\ntfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm\ntfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm\ntfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm\ntfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm\ntfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm\ntfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm\ntfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm\ntfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm\ntfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm\ntfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm\ntfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm\ntfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm\ntfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm\ntfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm\ntfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm\ntfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm\ntfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm\ntfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm\ntfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm\ntfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm\ntfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm\ntfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm\ntfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm\ntfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm\ntfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm\ntfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.src.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm\nansible-runner-1.4.7-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el7sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el7sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el7sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-content-4.3.0-3.el7sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-selinux-3.1.2.1-1.el7sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm\nkatello-common-4.3.0-3.el7sat.noarch.rpm\nkatello-debug-4.3.0-3.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm\npuppetserver-7.4.2-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython2-ansible-runner-1.4.7-1.el7ar.noarch.rpm\npython2-daemon-2.1.2-7.2.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\nqpid-tools-1.36.0-32.el7_9amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.11.0-2.el7sat.noarch.rpm\nsatellite-common-6.11.0-2.el7sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\ntfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm\ntfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el7pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibcomps-0.1.18-1.el7pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm\nlibmodulemd2-2.9.3-1.el7pc.x86_64.rpm\nlibmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm\nlibsodium-1.0.17-3.el7sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm\nlibsolv-0.7.22-1.el7pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm\nlibsolv0-0.6.34-4.el7sat.x86_64.rpm\nlibsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm\npuppet-agent-7.12.1-1.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.33.0-6.el7_9.x86_64.rpm\npython-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-psutil-5.7.2-2.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm\nqpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm\nqpid-proton-c-0.33.0-6.el7_9.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm\nqpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm\ntfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nsatellite-clone-3.1.0-2.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nsatellite-clone-3.1.0-2.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nforeman-3.1.1.21-2.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm\n\nnoarch:\nforeman-cli-3.1.1.21-2.el7sat.noarch.rpm\nsatellite-cli-6.11.0-2.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm\n\nx86_64:\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-3.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncandlepin-4.1.13-1.el8sat.src.rpm\ncreaterepo_c-0.20.0-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.1.1.21-2.el8sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.1.2.6-1.el8sat.src.rpm\nforeman-proxy-3.1.1.1-1.el8sat.src.rpm\nforeman-selinux-3.1.2.1-1.el8sat.src.rpm\nkatello-4.3.0-3.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nkatello-selinux-4.0.2-1.el8sat.src.rpm\nlibcomps-0.1.18-1.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-1.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\npostgresql-evr-0.0.2-1.el8sat.src.rpm\npulpcore-selinux-1.3.0-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-2.el8pc.src.rpm\npython-aiofiles-0.7.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-2.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm\npython-aioredis-2.0.0-2.el8pc.src.rpm\npython-aiosignal-1.2.0-1.el8pc.src.rpm\npython-ansible-builder-1.0.1-2.el8pc.src.rpm\npython-asgiref-3.4.1-1.el8pc.src.rpm\npython-async-lru-1.0.2-2.el8pc.src.rpm\npython-async-timeout-4.0.2-1.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-2.el8pc.src.rpm\npython-attrs-21.2.0-2.el8pc.src.rpm\npython-backoff-1.11.1-1.el8pc.src.rpm\npython-bindep-2.10.1-1.el8pc.src.rpm\npython-bleach-3.3.1-1.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-2.el8pc.src.rpm\npython-bracex-2.2-1.el8pc.src.rpm\npython-brotli-1.0.9-1.el8pc.src.rpm\npython-cchardet-2.1.7-1.el8pc.src.rpm\npython-certifi-2020.6.20-2.el8pc.src.rpm\npython-cffi-1.15.0-1.el8pc.src.rpm\npython-charset-normalizer-2.0.7-1.el8pc.src.rpm\npython-click-8.0.3-1.el8pc.src.rpm\npython-click-shell-2.1-2.el8pc.src.rpm\npython-colorama-0.4.4-2.el8pc.src.rpm\npython-commonmark-0.9.1-4.el8pc.src.rpm\npython-contextlib2-21.6.0-2.el8pc.src.rpm\npython-cryptography-3.1.1-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-2.el8pc.src.rpm\npython-dateutil-2.8.2-1.el8pc.src.rpm\npython-debian-0.1.42-1.el8pc.src.rpm\npython-defusedxml-0.7.1-2.el8pc.src.rpm\npython-diff-match-patch-20200713-2.el8pc.src.rpm\npython-distro-1.6.0-2.el8pc.src.rpm\npython-django-3.2.13-1.el8pc.src.rpm\npython-django-currentuser-0.5.3-3.el8pc.src.rpm\npython-django-filter-21.1-1.el8pc.src.rpm\npython-django-guardian-2.4.0-3.el8pc.src.rpm\npython-django-guid-3.2.0-2.el8pc.src.rpm\npython-django-import-export-2.6.1-1.el8pc.src.rpm\npython-django-lifecycle-0.9.3-1.el8pc.src.rpm\npython-django-prometheus-2.1.0-2.el8pc.src.rpm\npython-django-readonly-field-1.0.5-3.el8pc.src.rpm\npython-djangorestframework-3.12.4-4.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm\npython-drf-access-policy-1.1.0-1.el8pc.src.rpm\npython-drf-nested-routers-0.93.3-3.el8pc.src.rpm\npython-drf-spectacular-0.20.1-1.el8pc.src.rpm\npython-dynaconf-3.1.7-2.el8pc.src.rpm\npython-ecdsa-0.13.3-3.el8pc.src.rpm\npython-enrich-1.2.6-3.el8pc.src.rpm\npython-et-xmlfile-1.1.0-1.el8pc.src.rpm\npython-flake8-3.9.2-3.el8pc.src.rpm\npython-frozenlist-1.3.0-1.el8pc.src.rpm\npython-future-0.18.2-4.el8pc.src.rpm\npython-galaxy-importer-0.4.1-2.el8pc.src.rpm\npython-gnupg-0.4.7-2.el8pc.src.rpm\npython-gunicorn-20.1.0-3.el8pc.src.rpm\npython-idna-3.3-1.el8pc.src.rpm\npython-idna-ssl-1.1.0-4.el8pc.src.rpm\npython-importlib-metadata-1.7.0-2.el8pc.src.rpm\npython-inflection-0.5.1-2.el8pc.src.rpm\npython-iniparse-0.4-34.el8pc.src.rpm\npython-jinja2-3.0.2-1.el8pc.src.rpm\npython-jsonschema-3.2.0-7.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-1.el8pc.src.rpm\npython-markdown-3.3.4-4.el8pc.src.rpm\npython-markuppy-1.14-2.el8pc.src.rpm\npython-markupsafe-2.0.1-2.el8pc.src.rpm\npython-mccabe-0.6.1-2.el8pc.src.rpm\npython-multidict-5.2.0-1.el8pc.src.rpm\npython-naya-1.1.1-1.el8pc.src.rpm\npython-odfpy-1.4.1-5.el8pc.src.rpm\npython-openpyxl-3.0.9-1.el8pc.src.rpm\npython-packaging-21.2-1.el8pc.src.rpm\npython-parsley-1.3-1.el8pc.src.rpm\npython-pbr-5.6.0-1.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-2.el8pc.src.rpm\npython-prometheus-client-0.8.0-2.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.1-1.el8pc.src.rpm\npython-pulp-ansible-0.10.1-1.el8pc.src.rpm\npython-pulp-certguard-1.5.1-1.el8pc.src.rpm\npython-pulp-cli-0.14.0-1.el8pc.src.rpm\npython-pulp-container-2.9.2-1.el8pc.src.rpm\npython-pulp-deb-2.16.1-1.el8pc.src.rpm\npython-pulp-file-1.10.1-1.el8pc.src.rpm\npython-pulp-rpm-3.17.5-1.1.el8pc.src.rpm\npython-pulpcore-3.16.9-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-2.el8pc.src.rpm\npython-pycairo-1.20.1-2.el8pc.src.rpm\npython-pycares-4.1.2-3.el8pc.src.rpm\npython-pycodestyle-2.7.0-4.el8pc.src.rpm\npython-pycparser-2.20-2.el8pc.src.rpm\npython-pycryptodomex-3.11.0-1.el8pc.src.rpm\npython-pyflakes-2.3.1-4.el8pc.src.rpm\npython-pygments-2.10.0-2.el8pc.src.rpm\npython-pygobject-3.40.1-1.el8pc.src.rpm\npython-pygtrie-2.4.2-2.el8pc.src.rpm\npython-pyjwkest-1.4.2-5.el8pc.src.rpm\npython-pyjwt-1.7.1-7.el8pc.src.rpm\npython-pyparsing-2.4.7-2.el8pc.src.rpm\npython-pyrsistent-0.18.0-1.el8pc.src.rpm\npython-pytz-2021.3-1.el8pc.src.rpm\npython-pyyaml-5.4.1-3.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-2.el8pc.src.rpm\npython-requests-2.26.0-3.el8pc.src.rpm\npython-requirements-parser-0.2.0-2.el8pc.src.rpm\npython-rhsm-1.19.2-2.el8pc.src.rpm\npython-rich-10.12.0-1.el8pc.src.rpm\npython-ruamel-yaml-0.17.17-1.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm\npython-schema-0.7.5-1.el8pc.src.rpm\npython-semantic-version-2.8.5-2.el8pc.src.rpm\npython-six-1.16.0-1.el8pc.src.rpm\npython-sqlparse-0.4.2-2.el8pc.src.rpm\npython-tablib-3.1.0-1.el8pc.src.rpm\npython-tenacity-7.0.0-2.el8pc.src.rpm\npython-toml-0.10.2-2.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-1.el8pc.src.rpm\npython-uritemplate-4.1.1-1.el8pc.src.rpm\npython-url-normalize-1.4.3-3.el8pc.src.rpm\npython-urllib3-1.26.7-1.el8pc.src.rpm\npython-urlman-1.4.0-2.el8pc.src.rpm\npython-wcmatch-8.3-1.el8pc.src.rpm\npython-webencodings-0.5.1-2.el8pc.src.rpm\npython-whitenoise-5.3.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-4.el8pc.src.rpm\npython-xlwt-1.3.0-2.el8pc.src.rpm\npython-yarl-1.7.2-1.el8pc.src.rpm\npython-zipp-3.4.0-3.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.src.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.src.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.src.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.src.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.src.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.src.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.src.rpm\nrubygem-addressable-2.8.0-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-ancestry-3.0.7-2.el8sat.src.rpm\nrubygem-anemone-0.7.2-23.el8sat.src.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.src.rpm\nrubygem-audited-4.9.0-4.el8sat.src.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm\nrubygem-builder-3.2.4-2.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.src.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.src.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm\nrubygem-colorize-0.8.1-2.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.src.rpm\nrubygem-crass-1.0.6-2.el8sat.src.rpm\nrubygem-css_parser-1.4.7-5.el8sat.src.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.src.rpm\nrubygem-deacon-1.0.0-5.el8sat.src.rpm\nrubygem-declarative-0.0.10-3.el8sat.src.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.src.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm\nrubygem-deface-1.5.3-3.el8sat.src.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-erubi-1.9.0-2.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-execjs-2.7.0-5.el8sat.src.rpm\nrubygem-facter-4.0.51-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.src.rpm\nrubygem-fog-core-2.1.0-4.el8sat.src.rpm\nrubygem-fog-google-1.11.0-2.el8sat.src.rpm\nrubygem-fog-json-1.2.0-4.el8sat.src.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.src.rpm\nrubygem-fog-ovirt-2.0.1-2.el8sat.src.rpm\nrubygem-fog-vsphere-3.5.1-1.el8sat.src.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.src.rpm\nrubygem-foreman-tasks-5.2.3-1.el8sat.src.rpm\nrubygem-foreman_ansible-7.0.4.1-1.el8sat.src.rpm\nrubygem-foreman_azure_rm-2.2.6-1.el8sat.src.rpm\nrubygem-foreman_bootdisk-19.0.4.1-1.el8sat.src.rpm\nrubygem-foreman_discovery-19.0.4-1.el8sat.src.rpm\nrubygem-foreman_hooks-0.3.17-2.el8sat.src.rpm\nrubygem-foreman_kubevirt-0.1.9-2.el8sat.src.rpm\nrubygem-foreman_leapp-0.1.9-1.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-foreman_openscap-5.1.1-1.el8sat.src.rpm\nrubygem-foreman_puppet-2.0.6-1.el8sat.src.rpm\nrubygem-foreman_remote_execution-5.0.7-1.el8sat.src.rpm\nrubygem-foreman_rh_cloud-5.0.39-1.el8sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm\nrubygem-foreman_templates-9.1.0-1.el8sat.src.rpm\nrubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.src.rpm\nrubygem-foreman_virt_who_configure-0.5.8-1.el8sat.src.rpm\nrubygem-foreman_webhooks-2.0.1-1.1.el8sat.src.rpm\nrubygem-formatador-0.2.1-13.el8sat.src.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.src.rpm\nrubygem-fx-0.5.0-2.el8sat.src.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm\nrubygem-git-1.5.0-2.el8sat.src.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm\nrubygem-globalid-0.4.2-2.el8sat.src.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.src.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm\nrubygem-googleauth-0.13.1-2.el8sat.src.rpm\nrubygem-graphql-1.8.14-3.el8sat.src.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-hocon-1.3.1-2.el8sat.src.rpm\nrubygem-http-3.3.0-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.src.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm\nrubygem-httpclient-2.8.3-4.el8sat.src.rpm\nrubygem-i18n-1.8.2-2.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-ipaddress-0.8.0-13.el8sat.src.rpm\nrubygem-jgrep-1.3.3-11.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-katello-4.3.0.42-1.el8sat.src.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.src.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-loofah-2.4.0-2.el8sat.src.rpm\nrubygem-mail-2.7.1-2.el8sat.src.rpm\nrubygem-marcel-1.0.1-1.el8sat.src.rpm\nrubygem-memoist-0.16.0-3.el8sat.src.rpm\nrubygem-method_source-0.9.2-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.src.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.src.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.src.rpm\nrubygem-net-ping-2.0.1-5.el8sat.src.rpm\nrubygem-net-scp-1.2.1-5.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.src.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-optimist-3.0.0-3.el8sat.src.rpm\nrubygem-os-1.0.0-3.el8sat.src.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm\nrubygem-parallel-1.19.1-2.el8sat.src.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.src.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.src.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.src.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.src.rpm\nrubygem-pulp_ansible_client-0.10.1-1.el8sat.src.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm\nrubygem-pulp_container_client-2.9.0-1.el8sat.src.rpm\nrubygem-pulp_deb_client-2.16.0-1.el8sat.src.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm\nrubygem-pulp_python_client-3.5.2-1.el8sat.src.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm\nrubygem-pulpcore_client-3.16.7-1.el8sat.src.rpm\nrubygem-puma-5.6.2-1.el8sat.src.rpm\nrubygem-puma-status-1.3-1.el8sat.src.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.src.rpm\nrubygem-quantile-0.2.0-5.el8sat.src.rpm\nrubygem-rabl-0.14.3-2.el8sat.src.rpm\nrubygem-rack-2.2.3-2.el8sat.src.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.src.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.src.rpm\nrubygem-rack-test-1.1.0-5.el8sat.src.rpm\nrubygem-rails-6.0.4.7-1.el8sat.src.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm\nrubygem-rails-html-sanitizer-1.3.0-2.el8sat.src.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.src.rpm\nrubygem-railties-6.0.4.7-1.el8sat.src.rpm\nrubygem-rainbow-2.2.2-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.src.rpm\nrubygem-record_tag_helper-1.0.1-4.el8sat.src.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-redis-4.5.1-1.el8sat.src.rpm\nrubygem-representable-3.0.4-3.el8sat.src.rpm\nrubygem-responders-3.0.0-4.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-retriable-3.1.2-3.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-roadie-3.4.0-4.el8sat.src.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.src.rpm\nrubygem-robotex-1.0.0-22.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-runcible-2.13.1-2.el8sat.src.rpm\nrubygem-safemode-1.3.6-2.el8sat.src.rpm\nrubygem-scoped_search-4.1.9-2.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.src.rpm\nrubygem-sequel-5.42.0-2.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.src.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.src.rpm\nrubygem-signet-0.14.0-2.el8sat.src.rpm\nrubygem-sinatra-2.1.0-3.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sprockets-4.0.2-2.el8sat.src.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm\nrubygem-sshkey-1.9.0-5.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-stomp-1.4.9-2.el8sat.src.rpm\nrubygem-thor-1.0.1-3.el8sat.src.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-timeliness-0.3.10-2.el8sat.src.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.src.rpm\nrubygem-uber-0.1.0-3.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.src.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\nsatellite-installer-6.11.0.7-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-3.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\ncandlepin-4.1.13-1.el8sat.noarch.rpm\ncandlepin-selinux-4.1.13-1.el8sat.noarch.rpm\nforeman-3.1.1.21-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm\nforeman-cli-3.1.1.21-2.el8sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-dynflow-sidekiq-3.1.1.21-2.el8sat.noarch.rpm\nforeman-ec2-3.1.1.21-2.el8sat.noarch.rpm\nforeman-gce-3.1.1.21-2.el8sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el8sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm\nforeman-journald-3.1.1.21-2.el8sat.noarch.rpm\nforeman-libvirt-3.1.1.21-2.el8sat.noarch.rpm\nforeman-openstack-3.1.1.21-2.el8sat.noarch.rpm\nforeman-ovirt-3.1.1.21-2.el8sat.noarch.rpm\nforeman-postgresql-3.1.1.21-2.el8sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm\nforeman-selinux-3.1.2.1-1.el8sat.noarch.rpm\nforeman-service-3.1.1.21-2.el8sat.noarch.rpm\nforeman-telemetry-3.1.1.21-2.el8sat.noarch.rpm\nforeman-vmware-3.1.1.21-2.el8sat.noarch.rpm\nkatello-4.3.0-3.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.3.0-3.el8sat.noarch.rpm\nkatello-debug-4.3.0-3.el8sat.noarch.rpm\nkatello-selinux-4.0.2-1.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython38-aiodns-3.0.0-2.el8pc.noarch.rpm\npython38-aiofiles-0.7.0-2.el8pc.noarch.rpm\npython38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm\npython38-aioredis-2.0.0-2.el8pc.noarch.rpm\npython38-aiosignal-1.2.0-1.el8pc.noarch.rpm\npython38-ansible-builder-1.0.1-2.el8pc.noarch.rpm\npython38-asgiref-3.4.1-1.el8pc.noarch.rpm\npython38-async-lru-1.0.2-2.el8pc.noarch.rpm\npython38-async-timeout-4.0.2-1.el8pc.noarch.rpm\npython38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm\npython38-attrs-21.2.0-2.el8pc.noarch.rpm\npython38-backoff-1.11.1-1.el8pc.noarch.rpm\npython38-bindep-2.10.1-1.el8pc.noarch.rpm\npython38-bleach-3.3.1-1.el8pc.noarch.rpm\npython38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm\npython38-bracex-2.2-1.el8pc.noarch.rpm\npython38-certifi-2020.6.20-2.el8pc.noarch.rpm\npython38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm\npython38-click-8.0.3-1.el8pc.noarch.rpm\npython38-click-shell-2.1-2.el8pc.noarch.rpm\npython38-colorama-0.4.4-2.el8pc.noarch.rpm\npython38-commonmark-0.9.1-4.el8pc.noarch.rpm\npython38-contextlib2-21.6.0-2.el8pc.noarch.rpm\npython38-dataclasses-0.8-2.el8pc.noarch.rpm\npython38-dateutil-2.8.2-1.el8pc.noarch.rpm\npython38-debian-0.1.42-1.el8pc.noarch.rpm\npython38-defusedxml-0.7.1-2.el8pc.noarch.rpm\npython38-diff-match-patch-20200713-2.el8pc.noarch.rpm\npython38-distro-1.6.0-2.el8pc.noarch.rpm\npython38-django-3.2.13-1.el8pc.noarch.rpm\npython38-django-currentuser-0.5.3-3.el8pc.noarch.rpm\npython38-django-filter-21.1-1.el8pc.noarch.rpm\npython38-django-guardian-2.4.0-3.el8pc.noarch.rpm\npython38-django-guid-3.2.0-2.el8pc.noarch.rpm\npython38-django-import-export-2.6.1-1.el8pc.noarch.rpm\npython38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm\npython38-django-prometheus-2.1.0-2.el8pc.noarch.rpm\npython38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm\npython38-djangorestframework-3.12.4-4.el8pc.noarch.rpm\npython38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm\npython38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm\npython38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm\npython38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm\npython38-dynaconf-3.1.7-2.el8pc.noarch.rpm\npython38-ecdsa-0.13.3-3.el8pc.noarch.rpm\npython38-enrich-1.2.6-3.el8pc.noarch.rpm\npython38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm\npython38-flake8-3.9.2-3.el8pc.noarch.rpm\npython38-future-0.18.2-4.el8pc.noarch.rpm\npython38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm\npython38-gnupg-0.4.7-2.el8pc.noarch.rpm\npython38-gunicorn-20.1.0-3.el8pc.noarch.rpm\npython38-idna-3.3-1.el8pc.noarch.rpm\npython38-idna-ssl-1.1.0-4.el8pc.noarch.rpm\npython38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm\npython38-inflection-0.5.1-2.el8pc.noarch.rpm\npython38-iniparse-0.4-34.el8pc.noarch.rpm\npython38-jinja2-3.0.2-1.el8pc.noarch.rpm\npython38-jsonschema-3.2.0-7.el8pc.noarch.rpm\npython38-markdown-3.3.4-4.el8pc.noarch.rpm\npython38-markuppy-1.14-2.el8pc.noarch.rpm\npython38-mccabe-0.6.1-2.el8pc.noarch.rpm\npython38-naya-1.1.1-1.el8pc.noarch.rpm\npython38-odfpy-1.4.1-5.el8pc.noarch.rpm\npython38-openpyxl-3.0.9-1.el8pc.noarch.rpm\npython38-packaging-21.2-1.el8pc.noarch.rpm\npython38-parsley-1.3-1.el8pc.noarch.rpm\npython38-pbr-5.6.0-1.el8pc.noarch.rpm\npython38-productmd-1.33-2.el8pc.noarch.rpm\npython38-prometheus-client-0.8.0-2.el8pc.noarch.rpm\npython38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm\npython38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm\npython38-pulp-cli-0.14.0-1.el8pc.noarch.rpm\npython38-pulp-container-2.9.2-1.el8pc.noarch.rpm\npython38-pulp-deb-2.16.1-1.el8pc.noarch.rpm\npython38-pulp-file-1.10.1-1.el8pc.noarch.rpm\npython38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm\npython38-pulpcore-3.16.9-1.el8pc.noarch.rpm\npython38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm\npython38-pycodestyle-2.7.0-4.el8pc.noarch.rpm\npython38-pycparser-2.20-2.el8pc.noarch.rpm\npython38-pyflakes-2.3.1-4.el8pc.noarch.rpm\npython38-pygments-2.10.0-2.el8pc.noarch.rpm\npython38-pygtrie-2.4.2-2.el8pc.noarch.rpm\npython38-pyjwkest-1.4.2-5.el8pc.noarch.rpm\npython38-pyjwt-1.7.1-7.el8pc.noarch.rpm\npython38-pyparsing-2.4.7-2.el8pc.noarch.rpm\npython38-pytz-2021.3-1.el8pc.noarch.rpm\npython38-redis-3.5.3-2.el8pc.noarch.rpm\npython38-requests-2.26.0-3.el8pc.noarch.rpm\npython38-requirements-parser-0.2.0-2.el8pc.noarch.rpm\npython38-rich-10.12.0-1.el8pc.noarch.rpm\npython38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm\npython38-schema-0.7.5-1.el8pc.noarch.rpm\npython38-semantic-version-2.8.5-2.el8pc.noarch.rpm\npython38-six-1.16.0-1.el8pc.noarch.rpm\npython38-sqlparse-0.4.2-2.el8pc.noarch.rpm\npython38-tablib-3.1.0-1.el8pc.noarch.rpm\npython38-tenacity-7.0.0-2.el8pc.noarch.rpm\npython38-toml-0.10.2-2.el8pc.noarch.rpm\npython38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm\npython38-uritemplate-4.1.1-1.el8pc.noarch.rpm\npython38-url-normalize-1.4.3-3.el8pc.noarch.rpm\npython38-urllib3-1.26.7-1.el8pc.noarch.rpm\npython38-urlman-1.4.0-2.el8pc.noarch.rpm\npython38-wcmatch-8.3-1.el8pc.noarch.rpm\npython38-webencodings-0.5.1-2.el8pc.noarch.rpm\npython38-whitenoise-5.3.0-1.el8pc.noarch.rpm\npython38-xlrd-2.0.1-4.el8pc.noarch.rpm\npython38-xlwt-1.3.0-2.el8pc.noarch.rpm\npython38-zipp-3.4.0-3.el8pc.noarch.rpm\nqpid-dispatch-tools-1.14.0-6.el8.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm\nrubygem-addressable-2.8.0-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-ancestry-3.0.7-2.el8sat.noarch.rpm\nrubygem-anemone-0.7.2-23.el8sat.noarch.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm\nrubygem-audited-4.9.0-4.el8sat.noarch.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm\nrubygem-builder-3.2.4-2.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm\nrubygem-colorize-0.8.1-2.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm\nrubygem-crass-1.0.6-2.el8sat.noarch.rpm\nrubygem-css_parser-1.4.7-5.el8sat.noarch.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm\nrubygem-deacon-1.0.0-5.el8sat.noarch.rpm\nrubygem-declarative-0.0.10-3.el8sat.noarch.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm\nrubygem-deface-1.5.3-3.el8sat.noarch.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-erubi-1.9.0-2.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-execjs-2.7.0-5.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm\nrubygem-fog-core-2.1.0-4.el8sat.noarch.rpm\nrubygem-fog-google-1.11.0-2.el8sat.noarch.rpm\nrubygem-fog-json-1.2.0-4.el8sat.noarch.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm\nrubygem-fog-ovirt-2.0.1-2.el8sat.noarch.rpm\nrubygem-fog-vsphere-3.5.1-1.el8sat.noarch.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm\nrubygem-foreman-tasks-5.2.3-1.el8sat.noarch.rpm\nrubygem-foreman_ansible-7.0.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_azure_rm-2.2.6-1.el8sat.noarch.rpm\nrubygem-foreman_bootdisk-19.0.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_discovery-19.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_hooks-0.3.17-2.el8sat.noarch.rpm\nrubygem-foreman_kubevirt-0.1.9-2.el8sat.noarch.rpm\nrubygem-foreman_leapp-0.1.9-1.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-foreman_openscap-5.1.1-1.el8sat.noarch.rpm\nrubygem-foreman_puppet-2.0.6-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-5.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-cockpit-5.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_rh_cloud-5.0.39-1.el8sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm\nrubygem-foreman_templates-9.1.0-1.el8sat.noarch.rpm\nrubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.noarch.rpm\nrubygem-foreman_virt_who_configure-0.5.8-1.el8sat.noarch.rpm\nrubygem-foreman_webhooks-2.0.1-1.1.el8sat.noarch.rpm\nrubygem-formatador-0.2.1-13.el8sat.noarch.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm\nrubygem-fx-0.5.0-2.el8sat.noarch.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm\nrubygem-git-1.5.0-2.el8sat.noarch.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm\nrubygem-globalid-0.4.2-2.el8sat.noarch.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm\nrubygem-googleauth-0.13.1-2.el8sat.noarch.rpm\nrubygem-graphql-1.8.14-3.el8sat.noarch.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-hocon-1.3.1-2.el8sat.noarch.rpm\nrubygem-http-3.3.0-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm\nrubygem-httpclient-2.8.3-4.el8sat.noarch.rpm\nrubygem-i18n-1.8.2-2.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-ipaddress-0.8.0-13.el8sat.noarch.rpm\nrubygem-jgrep-1.3.3-11.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-katello-4.3.0.42-1.el8sat.noarch.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-loofah-2.4.0-2.el8sat.noarch.rpm\nrubygem-mail-2.7.1-2.el8sat.noarch.rpm\nrubygem-marcel-1.0.1-1.el8sat.noarch.rpm\nrubygem-memoist-0.16.0-3.el8sat.noarch.rpm\nrubygem-method_source-0.9.2-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm\nrubygem-net-ping-2.0.1-5.el8sat.noarch.rpm\nrubygem-net-scp-1.2.1-5.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-optimist-3.0.0-3.el8sat.noarch.rpm\nrubygem-os-1.0.0-3.el8sat.noarch.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm\nrubygem-parallel-1.19.1-2.el8sat.noarch.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm\nrubygem-pulp_ansible_client-0.10.1-1.el8sat.noarch.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm\nrubygem-pulp_container_client-2.9.0-1.el8sat.noarch.rpm\nrubygem-pulp_deb_client-2.16.0-1.el8sat.noarch.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm\nrubygem-pulp_python_client-3.5.2-1.el8sat.noarch.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm\nrubygem-pulpcore_client-3.16.7-1.el8sat.noarch.rpm\nrubygem-puma-status-1.3-1.el8sat.noarch.rpm\nrubygem-quantile-0.2.0-5.el8sat.noarch.rpm\nrubygem-rabl-0.14.3-2.el8sat.noarch.rpm\nrubygem-rack-2.2.3-2.el8sat.noarch.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm\nrubygem-rack-test-1.1.0-5.el8sat.noarch.rpm\nrubygem-rails-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm\nrubygem-rails-html-sanitizer-1.3.0-2.el8sat.noarch.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm\nrubygem-railties-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rainbow-2.2.2-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm\nrubygem-record_tag_helper-1.0.1-4.el8sat.noarch.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-redis-4.5.1-1.el8sat.noarch.rpm\nrubygem-representable-3.0.4-3.el8sat.noarch.rpm\nrubygem-responders-3.0.0-4.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-retriable-3.1.2-3.el8sat.noarch.rpm\nrubygem-roadie-3.4.0-4.el8sat.noarch.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm\nrubygem-robotex-1.0.0-22.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-runcible-2.13.1-2.el8sat.noarch.rpm\nrubygem-safemode-1.3.6-2.el8sat.noarch.rpm\nrubygem-scoped_search-4.1.9-2.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm\nrubygem-sequel-5.42.0-2.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm\nrubygem-signet-0.14.0-2.el8sat.noarch.rpm\nrubygem-sinatra-2.1.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-sprockets-4.0.2-2.el8sat.noarch.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm\nrubygem-sshkey-1.9.0-5.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-stomp-1.4.9-2.el8sat.noarch.rpm\nrubygem-thor-1.0.1-3.el8sat.noarch.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-timeliness-0.3.10-2.el8sat.noarch.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm\nrubygem-uber-0.1.0-3.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm\nsatellite-6.11.0-2.el8sat.noarch.rpm\nsatellite-cli-6.11.0-2.el8sat.noarch.rpm\nsatellite-common-6.11.0-2.el8sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\npostgresql-evr-0.0.2-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm\npython-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm\npython-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-1.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-aiohttp-3.8.1-2.el8pc.x86_64.rpm\npython38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm\npython38-brotli-1.0.9-1.el8pc.x86_64.rpm\npython38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm\npython38-cchardet-2.1.7-1.el8pc.x86_64.rpm\npython38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm\npython38-cffi-1.15.0-1.el8pc.x86_64.rpm\npython38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython38-cryptography-3.1.1-1.el8pc.x86_64.rpm\npython38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm\npython38-frozenlist-1.3.0-1.el8pc.x86_64.rpm\npython38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm\npython38-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython38-lxml-4.7.1-1.el8pc.x86_64.rpm\npython38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm\npython38-markupsafe-2.0.1-2.el8pc.x86_64.rpm\npython38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython38-multidict-5.2.0-1.el8pc.x86_64.rpm\npython38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm\npython38-psycopg2-2.9.1-1.el8pc.x86_64.rpm\npython38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm\npython38-pycairo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycares-4.1.2-3.el8pc.x86_64.rpm\npython38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm\npython38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm\npython38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm\npython38-pygobject-3.40.1-1.el8pc.x86_64.rpm\npython38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm\npython38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm\npython38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm\npython38-pyyaml-5.4.1-3.el8pc.x86_64.rpm\npython38-rhsm-1.19.2-2.el8pc.x86_64.rpm\npython38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm\npython38-solv-0.7.22-1.el8pc.x86_64.rpm\npython38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-yarl-1.7.2-1.el8pc.x86_64.rpm\npython38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-facter-4.0.51-2.el8sat.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-puma-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-3.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncreaterepo_c-0.20.0-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.1.1.21-2.el8sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.1.2.6-1.el8sat.src.rpm\nforeman-proxy-3.1.1.1-1.el8sat.src.rpm\nforeman-selinux-3.1.2.1-1.el8sat.src.rpm\nkatello-4.3.0-3.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nlibcomps-0.1.18-1.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-1.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\npulpcore-selinux-1.3.0-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-2.el8pc.src.rpm\npython-aiofiles-0.7.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-2.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm\npython-aioredis-2.0.0-2.el8pc.src.rpm\npython-aiosignal-1.2.0-1.el8pc.src.rpm\npython-ansible-builder-1.0.1-2.el8pc.src.rpm\npython-asgiref-3.4.1-1.el8pc.src.rpm\npython-async-lru-1.0.2-2.el8pc.src.rpm\npython-async-timeout-4.0.2-1.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-2.el8pc.src.rpm\npython-attrs-21.2.0-2.el8pc.src.rpm\npython-backoff-1.11.1-1.el8pc.src.rpm\npython-bindep-2.10.1-1.el8pc.src.rpm\npython-bleach-3.3.1-1.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-2.el8pc.src.rpm\npython-bracex-2.2-1.el8pc.src.rpm\npython-brotli-1.0.9-1.el8pc.src.rpm\npython-cchardet-2.1.7-1.el8pc.src.rpm\npython-certifi-2020.6.20-2.el8pc.src.rpm\npython-cffi-1.15.0-1.el8pc.src.rpm\npython-charset-normalizer-2.0.7-1.el8pc.src.rpm\npython-click-8.0.3-1.el8pc.src.rpm\npython-click-shell-2.1-2.el8pc.src.rpm\npython-colorama-0.4.4-2.el8pc.src.rpm\npython-commonmark-0.9.1-4.el8pc.src.rpm\npython-contextlib2-21.6.0-2.el8pc.src.rpm\npython-cryptography-3.1.1-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-2.el8pc.src.rpm\npython-dateutil-2.8.2-1.el8pc.src.rpm\npython-debian-0.1.42-1.el8pc.src.rpm\npython-defusedxml-0.7.1-2.el8pc.src.rpm\npython-diff-match-patch-20200713-2.el8pc.src.rpm\npython-distro-1.6.0-2.el8pc.src.rpm\npython-django-3.2.13-1.el8pc.src.rpm\npython-django-currentuser-0.5.3-3.el8pc.src.rpm\npython-django-filter-21.1-1.el8pc.src.rpm\npython-django-guardian-2.4.0-3.el8pc.src.rpm\npython-django-guid-3.2.0-2.el8pc.src.rpm\npython-django-import-export-2.6.1-1.el8pc.src.rpm\npython-django-lifecycle-0.9.3-1.el8pc.src.rpm\npython-django-prometheus-2.1.0-2.el8pc.src.rpm\npython-django-readonly-field-1.0.5-3.el8pc.src.rpm\npython-djangorestframework-3.12.4-4.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm\npython-drf-access-policy-1.1.0-1.el8pc.src.rpm\npython-drf-nested-routers-0.93.3-3.el8pc.src.rpm\npython-drf-spectacular-0.20.1-1.el8pc.src.rpm\npython-dynaconf-3.1.7-2.el8pc.src.rpm\npython-ecdsa-0.13.3-3.el8pc.src.rpm\npython-enrich-1.2.6-3.el8pc.src.rpm\npython-et-xmlfile-1.1.0-1.el8pc.src.rpm\npython-flake8-3.9.2-3.el8pc.src.rpm\npython-frozenlist-1.3.0-1.el8pc.src.rpm\npython-future-0.18.2-4.el8pc.src.rpm\npython-galaxy-importer-0.4.1-2.el8pc.src.rpm\npython-gnupg-0.4.7-2.el8pc.src.rpm\npython-gunicorn-20.1.0-3.el8pc.src.rpm\npython-idna-3.3-1.el8pc.src.rpm\npython-idna-ssl-1.1.0-4.el8pc.src.rpm\npython-importlib-metadata-1.7.0-2.el8pc.src.rpm\npython-inflection-0.5.1-2.el8pc.src.rpm\npython-iniparse-0.4-34.el8pc.src.rpm\npython-jinja2-3.0.2-1.el8pc.src.rpm\npython-jsonschema-3.2.0-7.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-1.el8pc.src.rpm\npython-markdown-3.3.4-4.el8pc.src.rpm\npython-markuppy-1.14-2.el8pc.src.rpm\npython-markupsafe-2.0.1-2.el8pc.src.rpm\npython-mccabe-0.6.1-2.el8pc.src.rpm\npython-multidict-5.2.0-1.el8pc.src.rpm\npython-naya-1.1.1-1.el8pc.src.rpm\npython-odfpy-1.4.1-5.el8pc.src.rpm\npython-openpyxl-3.0.9-1.el8pc.src.rpm\npython-packaging-21.2-1.el8pc.src.rpm\npython-parsley-1.3-1.el8pc.src.rpm\npython-pbr-5.6.0-1.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-2.el8pc.src.rpm\npython-prometheus-client-0.8.0-2.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.1-1.el8pc.src.rpm\npython-pulp-ansible-0.10.1-1.el8pc.src.rpm\npython-pulp-certguard-1.5.1-1.el8pc.src.rpm\npython-pulp-cli-0.14.0-1.el8pc.src.rpm\npython-pulp-container-2.9.2-1.el8pc.src.rpm\npython-pulp-deb-2.16.1-1.el8pc.src.rpm\npython-pulp-file-1.10.1-1.el8pc.src.rpm\npython-pulp-rpm-3.17.5-1.1.el8pc.src.rpm\npython-pulpcore-3.16.9-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-2.el8pc.src.rpm\npython-pycairo-1.20.1-2.el8pc.src.rpm\npython-pycares-4.1.2-3.el8pc.src.rpm\npython-pycodestyle-2.7.0-4.el8pc.src.rpm\npython-pycparser-2.20-2.el8pc.src.rpm\npython-pycryptodomex-3.11.0-1.el8pc.src.rpm\npython-pyflakes-2.3.1-4.el8pc.src.rpm\npython-pygments-2.10.0-2.el8pc.src.rpm\npython-pygobject-3.40.1-1.el8pc.src.rpm\npython-pygtrie-2.4.2-2.el8pc.src.rpm\npython-pyjwkest-1.4.2-5.el8pc.src.rpm\npython-pyjwt-1.7.1-7.el8pc.src.rpm\npython-pyparsing-2.4.7-2.el8pc.src.rpm\npython-pyrsistent-0.18.0-1.el8pc.src.rpm\npython-pytz-2021.3-1.el8pc.src.rpm\npython-pyyaml-5.4.1-3.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-2.el8pc.src.rpm\npython-requests-2.26.0-3.el8pc.src.rpm\npython-requirements-parser-0.2.0-2.el8pc.src.rpm\npython-rhsm-1.19.2-2.el8pc.src.rpm\npython-rich-10.12.0-1.el8pc.src.rpm\npython-ruamel-yaml-0.17.17-1.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm\npython-schema-0.7.5-1.el8pc.src.rpm\npython-semantic-version-2.8.5-2.el8pc.src.rpm\npython-six-1.16.0-1.el8pc.src.rpm\npython-sqlparse-0.4.2-2.el8pc.src.rpm\npython-tablib-3.1.0-1.el8pc.src.rpm\npython-tenacity-7.0.0-2.el8pc.src.rpm\npython-toml-0.10.2-2.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-1.el8pc.src.rpm\npython-uritemplate-4.1.1-1.el8pc.src.rpm\npython-url-normalize-1.4.3-3.el8pc.src.rpm\npython-urllib3-1.26.7-1.el8pc.src.rpm\npython-urlman-1.4.0-2.el8pc.src.rpm\npython-wcmatch-8.3-1.el8pc.src.rpm\npython-webencodings-0.5.1-2.el8pc.src.rpm\npython-whitenoise-5.3.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-4.el8pc.src.rpm\npython-xlwt-1.3.0-2.el8pc.src.rpm\npython-yarl-1.7.2-1.el8pc.src.rpm\npython-zipp-3.4.0-3.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rack-2.2.3-2.el8sat.src.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-sequel-5.42.0-2.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sinatra-2.1.0-3.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\nsatellite-installer-6.11.0.7-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-3.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el8sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-content-4.3.0-3.el8sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-selinux-3.1.2.1-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.3.0-3.el8sat.noarch.rpm\nkatello-debug-4.3.0-3.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython38-aiodns-3.0.0-2.el8pc.noarch.rpm\npython38-aiofiles-0.7.0-2.el8pc.noarch.rpm\npython38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm\npython38-aioredis-2.0.0-2.el8pc.noarch.rpm\npython38-aiosignal-1.2.0-1.el8pc.noarch.rpm\npython38-ansible-builder-1.0.1-2.el8pc.noarch.rpm\npython38-asgiref-3.4.1-1.el8pc.noarch.rpm\npython38-async-lru-1.0.2-2.el8pc.noarch.rpm\npython38-async-timeout-4.0.2-1.el8pc.noarch.rpm\npython38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm\npython38-attrs-21.2.0-2.el8pc.noarch.rpm\npython38-backoff-1.11.1-1.el8pc.noarch.rpm\npython38-bindep-2.10.1-1.el8pc.noarch.rpm\npython38-bleach-3.3.1-1.el8pc.noarch.rpm\npython38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm\npython38-bracex-2.2-1.el8pc.noarch.rpm\npython38-certifi-2020.6.20-2.el8pc.noarch.rpm\npython38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm\npython38-click-8.0.3-1.el8pc.noarch.rpm\npython38-click-shell-2.1-2.el8pc.noarch.rpm\npython38-colorama-0.4.4-2.el8pc.noarch.rpm\npython38-commonmark-0.9.1-4.el8pc.noarch.rpm\npython38-contextlib2-21.6.0-2.el8pc.noarch.rpm\npython38-dataclasses-0.8-2.el8pc.noarch.rpm\npython38-dateutil-2.8.2-1.el8pc.noarch.rpm\npython38-debian-0.1.42-1.el8pc.noarch.rpm\npython38-defusedxml-0.7.1-2.el8pc.noarch.rpm\npython38-diff-match-patch-20200713-2.el8pc.noarch.rpm\npython38-distro-1.6.0-2.el8pc.noarch.rpm\npython38-django-3.2.13-1.el8pc.noarch.rpm\npython38-django-currentuser-0.5.3-3.el8pc.noarch.rpm\npython38-django-filter-21.1-1.el8pc.noarch.rpm\npython38-django-guardian-2.4.0-3.el8pc.noarch.rpm\npython38-django-guid-3.2.0-2.el8pc.noarch.rpm\npython38-django-import-export-2.6.1-1.el8pc.noarch.rpm\npython38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm\npython38-django-prometheus-2.1.0-2.el8pc.noarch.rpm\npython38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm\npython38-djangorestframework-3.12.4-4.el8pc.noarch.rpm\npython38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm\npython38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm\npython38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm\npython38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm\npython38-dynaconf-3.1.7-2.el8pc.noarch.rpm\npython38-ecdsa-0.13.3-3.el8pc.noarch.rpm\npython38-enrich-1.2.6-3.el8pc.noarch.rpm\npython38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm\npython38-flake8-3.9.2-3.el8pc.noarch.rpm\npython38-future-0.18.2-4.el8pc.noarch.rpm\npython38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm\npython38-gnupg-0.4.7-2.el8pc.noarch.rpm\npython38-gunicorn-20.1.0-3.el8pc.noarch.rpm\npython38-idna-3.3-1.el8pc.noarch.rpm\npython38-idna-ssl-1.1.0-4.el8pc.noarch.rpm\npython38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm\npython38-inflection-0.5.1-2.el8pc.noarch.rpm\npython38-iniparse-0.4-34.el8pc.noarch.rpm\npython38-jinja2-3.0.2-1.el8pc.noarch.rpm\npython38-jsonschema-3.2.0-7.el8pc.noarch.rpm\npython38-markdown-3.3.4-4.el8pc.noarch.rpm\npython38-markuppy-1.14-2.el8pc.noarch.rpm\npython38-mccabe-0.6.1-2.el8pc.noarch.rpm\npython38-naya-1.1.1-1.el8pc.noarch.rpm\npython38-odfpy-1.4.1-5.el8pc.noarch.rpm\npython38-openpyxl-3.0.9-1.el8pc.noarch.rpm\npython38-packaging-21.2-1.el8pc.noarch.rpm\npython38-parsley-1.3-1.el8pc.noarch.rpm\npython38-pbr-5.6.0-1.el8pc.noarch.rpm\npython38-productmd-1.33-2.el8pc.noarch.rpm\npython38-prometheus-client-0.8.0-2.el8pc.noarch.rpm\npython38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm\npython38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm\npython38-pulp-cli-0.14.0-1.el8pc.noarch.rpm\npython38-pulp-container-2.9.2-1.el8pc.noarch.rpm\npython38-pulp-deb-2.16.1-1.el8pc.noarch.rpm\npython38-pulp-file-1.10.1-1.el8pc.noarch.rpm\npython38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm\npython38-pulpcore-3.16.9-1.el8pc.noarch.rpm\npython38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm\npython38-pycodestyle-2.7.0-4.el8pc.noarch.rpm\npython38-pycparser-2.20-2.el8pc.noarch.rpm\npython38-pyflakes-2.3.1-4.el8pc.noarch.rpm\npython38-pygments-2.10.0-2.el8pc.noarch.rpm\npython38-pygtrie-2.4.2-2.el8pc.noarch.rpm\npython38-pyjwkest-1.4.2-5.el8pc.noarch.rpm\npython38-pyjwt-1.7.1-7.el8pc.noarch.rpm\npython38-pyparsing-2.4.7-2.el8pc.noarch.rpm\npython38-pytz-2021.3-1.el8pc.noarch.rpm\npython38-redis-3.5.3-2.el8pc.noarch.rpm\npython38-requests-2.26.0-3.el8pc.noarch.rpm\npython38-requirements-parser-0.2.0-2.el8pc.noarch.rpm\npython38-rich-10.12.0-1.el8pc.noarch.rpm\npython38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm\npython38-schema-0.7.5-1.el8pc.noarch.rpm\npython38-semantic-version-2.8.5-2.el8pc.noarch.rpm\npython38-six-1.16.0-1.el8pc.noarch.rpm\npython38-sqlparse-0.4.2-2.el8pc.noarch.rpm\npython38-tablib-3.1.0-1.el8pc.noarch.rpm\npython38-tenacity-7.0.0-2.el8pc.noarch.rpm\npython38-toml-0.10.2-2.el8pc.noarch.rpm\npython38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm\npython38-uritemplate-4.1.1-1.el8pc.noarch.rpm\npython38-url-normalize-1.4.3-3.el8pc.noarch.rpm\npython38-urllib3-1.26.7-1.el8pc.noarch.rpm\npython38-urlman-1.4.0-2.el8pc.noarch.rpm\npython38-wcmatch-8.3-1.el8pc.noarch.rpm\npython38-webencodings-0.5.1-2.el8pc.noarch.rpm\npython38-whitenoise-5.3.0-1.el8pc.noarch.rpm\npython38-xlrd-2.0.1-4.el8pc.noarch.rpm\npython38-xlwt-1.3.0-2.el8pc.noarch.rpm\npython38-zipp-3.4.0-3.el8pc.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rack-2.2.3-2.el8sat.noarch.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-sequel-5.42.0-2.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sinatra-2.1.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nsatellite-capsule-6.11.0-2.el8sat.noarch.rpm\nsatellite-common-6.11.0-2.el8sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\npulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm\npython-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm\npython-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-1.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-aiohttp-3.8.1-2.el8pc.x86_64.rpm\npython38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm\npython38-brotli-1.0.9-1.el8pc.x86_64.rpm\npython38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm\npython38-cchardet-2.1.7-1.el8pc.x86_64.rpm\npython38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm\npython38-cffi-1.15.0-1.el8pc.x86_64.rpm\npython38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython38-cryptography-3.1.1-1.el8pc.x86_64.rpm\npython38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm\npython38-frozenlist-1.3.0-1.el8pc.x86_64.rpm\npython38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm\npython38-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython38-lxml-4.7.1-1.el8pc.x86_64.rpm\npython38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm\npython38-markupsafe-2.0.1-2.el8pc.x86_64.rpm\npython38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython38-multidict-5.2.0-1.el8pc.x86_64.rpm\npython38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm\npython38-psycopg2-2.9.1-1.el8pc.x86_64.rpm\npython38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm\npython38-pycairo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycares-4.1.2-3.el8pc.x86_64.rpm\npython38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm\npython38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm\npython38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm\npython38-pygobject-3.40.1-1.el8pc.x86_64.rpm\npython38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm\npython38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm\npython38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm\npython38-pyyaml-5.4.1-3.el8pc.x86_64.rpm\npython38-rhsm-1.19.2-2.el8pc.x86_64.rpm\npython38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm\npython38-solv-0.7.22-1.el8pc.x86_64.rpm\npython38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-yarl-1.7.2-1.el8pc.x86_64.rpm\npython38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nsatellite-clone-3.1.0-2.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nsatellite-clone-3.1.0-2.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nforeman-3.1.1.21-2.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\n\nnoarch:\nforeman-cli-3.1.1.21-2.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nsatellite-cli-6.11.0-2.el8sat.noarch.rpm\n\nx86_64:\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3584\nhttps://access.redhat.com/security/cve/CVE-2021-4142\nhttps://access.redhat.com/security/cve/CVE-2021-21290\nhttps://access.redhat.com/security/cve/CVE-2021-21295\nhttps://access.redhat.com/security/cve/CVE-2021-21409\nhttps://access.redhat.com/security/cve/CVE-2021-30151\nhttps://access.redhat.com/security/cve/CVE-2021-32839\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-41136\nhttps://access.redhat.com/security/cve/CVE-2021-42550\nhttps://access.redhat.com/security/cve/CVE-2021-43797\nhttps://access.redhat.com/security/cve/CVE-2021-43818\nhttps://access.redhat.com/security/cve/CVE-2021-44420\nhttps://access.redhat.com/security/cve/CVE-2021-44568\nhttps://access.redhat.com/security/cve/CVE-2021-45115\nhttps://access.redhat.com/security/cve/CVE-2021-45116\nhttps://access.redhat.com/security/cve/CVE-2021-45452\nhttps://access.redhat.com/security/cve/CVE-2022-22818\nhttps://access.redhat.com/security/cve/CVE-2022-23633\nhttps://access.redhat.com/security/cve/CVE-2022-23634\nhttps://access.redhat.com/security/cve/CVE-2022-23833\nhttps://access.redhat.com/security/cve/CVE-2022-23837\nhttps://access.redhat.com/security/cve/CVE-2022-28346\nhttps://access.redhat.com/security/cve/CVE-2022-28347\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYsSEj9zjgjWX9erEAQj1NhAAh9dwyCl+/LFkekteujgg+I646SZTWNua\n7x7JKiF+ptoaQB3ZcbKHAwuLMK5LNzTnsq+Y+ZuhPh1EkDKlZ1LkiONw/kTgMHLB\nEEq+lqiI3Lr31NWValfQiIatXbLQIyD7ZCk9dxxkJtTGGJw+CL7W4f2naYAsei+4\niYghK8DG5C33U5K/1NpXetfQMpRihferXV15Cx/bxGMcRP+ryD9vxxq4PDMWa1UH\nzTco1EAzP3UZxpD/AqCwNmBoG4r8gxSJml6CJatiicUQ1SrTdSMj2x8jYJ8pCWXR\n2ceGJVse2rBC0cunqV3tX/NL9xu8L8Vq4lyYDzJNhoSElQ6Lb/lpu1HpQpoqqmAf\nUBA7f80opj1o80U/M/WTQaQ9dYFDua7WlzzeuP026Pohsy/M1lZicmXMCDGJZaT1\nE4ivToILRGYfhZcVBrhFgWiPUQRmFvhxpGY0cStlmpMAruGeE9saXr1LyAbQrlty\nfnm4z+pRiLowgJPPTmusYPicL0p1DwU9XMxDSTW11/zp9PK5dErL+mIYofbvrOpk\nMhTKGBJ7yOgrmKTBUNIyNupeLuFM5MUBcw+nnTyjUHPh1Vaygq//WbUD+2IZileV\n0tRbFgVrt8mCk031+OVCbsUyGPO/D9+ambl7xieynjuIOHyLC+H3PH9QghCzZAUS\naMoVmOr2Umo=+ioi\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21295"
},
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "PACKETSTORM",
"id": "162714"
},
{
"db": "PACKETSTORM",
"id": "162719"
},
{
"db": "PACKETSTORM",
"id": "162732"
},
{
"db": "PACKETSTORM",
"id": "161954"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "167709"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21295",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "167709",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162490",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163517",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163477",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162839",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162714",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162732",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021081922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071219",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164346",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164566",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165294",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163922",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164279",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162035",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2896",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4253",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1144",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3495",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3282",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3208",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1755",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3284",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2416",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1571",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163483",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163485",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163480",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-379190",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162719",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "PACKETSTORM",
"id": "162714"
},
{
"db": "PACKETSTORM",
"id": "162719"
},
{
"db": "PACKETSTORM",
"id": "162732"
},
{
"db": "PACKETSTORM",
"id": "161954"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"id": "VAR-202103-1564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-10T21:06:19.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Netty Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144007"
},
{
"title": "Debian CVElist Bug Report Logs: netty: CVE-2021-21295",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3dae7308ddf952db0ad410f80e658793"
},
{
"title": "Debian CVElist Bug Report Logs: netty: CVE-2021-21409",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=23e6ecb2c9e3ae264a6a904e00c922b4"
},
{
"title": "Red Hat: CVE-2021-21295",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-21295"
},
{
"title": "Debian Security Advisories: DSA-4885-1 netty -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b857eb63eda3549d92d4cef6b191afe6"
},
{
"title": "Red Hat: Moderate: Satellite 6.11 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225498 - security advisory"
},
{
"title": "CVE-2021-21295",
"trust": 0.1,
"url": "https://github.com/pwncast/cve-2021-21295 "
},
{
"title": "CVE-2021-21295",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-21295 "
},
{
"title": "CVE-2021-21295",
"trust": 0.1,
"url": "https://github.com/aipocai/cve-2021-21295 "
},
{
"title": "CVE-2021-21409",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-21409 "
},
{
"title": "test.md",
"trust": 0.1,
"url": "https://github.com/awesomealpha/test.md "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"trust": 1.8,
"url": "https://github.com/netty/netty/security/advisories/ghsa-wm47-8v5p-wjpj"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://github.com/netflix/zuul/pull/980"
},
{
"trust": 1.7,
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3cdev.ranger.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3%40%3cdev.jackrabbit.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3cdev.ranger.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd%40%3cdev.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8%40%3ccommits.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3cdev.ranger.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3cdev.ranger.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8@%3ccommits.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd@%3cdev.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3@%3cdev.jackrabbit.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2416"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3208"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1821"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163517/red-hat-security-advisory-2021-2755-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1108"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1571"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3495"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167709/red-hat-security-advisory-2022-5498-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3282"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165294/red-hat-security-advisory-2021-5134-05.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050706"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6518930"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163477/red-hat-security-advisory-2021-2689-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2021-21290-cve-2021-21295-cve-2021/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163922/red-hat-security-advisory-2021-3225-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100302"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162035/red-hat-security-advisory-2021-0943-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2021-21295/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164279/red-hat-security-advisory-2021-3660-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tiercve-2021-21295/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162732/red-hat-security-advisory-2021-2070-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1755"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162714/red-hat-security-advisory-2021-2051-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2896"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4253"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071219"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1144"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164566/red-hat-security-advisory-2021-3880-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162839/red-hat-security-advisory-2021-2139-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162490/red-hat-security-advisory-2021-1511-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3284"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/netty-information-disclosure-via-content-length-header-34897"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3597"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29425"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3690"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3642"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3642"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28170"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://github.com/netty/netty/security/advisories/ghsa-f256-j965-7f32"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"trust": 0.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984948"
},
{
"trust": 0.1,
"url": "https://github.com/pwncast/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2051"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3424"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4142"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "PACKETSTORM",
"id": "162714"
},
{
"db": "PACKETSTORM",
"id": "162719"
},
{
"db": "PACKETSTORM",
"id": "162732"
},
{
"db": "PACKETSTORM",
"id": "161954"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"db": "PACKETSTORM",
"id": "162714"
},
{
"db": "PACKETSTORM",
"id": "162719"
},
{
"db": "PACKETSTORM",
"id": "162732"
},
{
"db": "PACKETSTORM",
"id": "161954"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2021-03-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"date": "2021-05-19T21:03:57",
"db": "PACKETSTORM",
"id": "162714"
},
{
"date": "2021-05-19T21:04:29",
"db": "PACKETSTORM",
"id": "162719"
},
{
"date": "2021-05-20T22:17:09",
"db": "PACKETSTORM",
"id": "162732"
},
{
"date": "2021-03-25T13:47:58",
"db": "PACKETSTORM",
"id": "161954"
},
{
"date": "2021-09-24T15:39:43",
"db": "PACKETSTORM",
"id": "164276"
},
{
"date": "2021-09-24T15:39:14",
"db": "PACKETSTORM",
"id": "164275"
},
{
"date": "2022-07-06T15:29:45",
"db": "PACKETSTORM",
"id": "167709"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"date": "2021-03-09T19:15:12.657000",
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2022-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21295"
},
{
"date": "2022-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-713"
},
{
"date": "2023-11-07T03:29:44.303000",
"db": "NVD",
"id": "CVE-2021-21295"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty Environmental problem loophole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-713"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2023-02-24 18:15
Modified
2024-11-21 07:37
Severity ?
Summary
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/quarkusio/quarkus/pull/30694 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/quarkusio/quarkus/pull/30694 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFC706-B7B5-458B-833E-195D65F2E8EC",
"versionEndExcluding": "2.16.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user."
},
{
"lang": "es",
"value": "En la implementaci\u00f3n RestEasy Reactive de Quarkus, el inseguro File.createTempFile() se usa en la clase FileBodyHandler que crea archivos temporales con permisos inseguros que un usuario local podr\u00eda leer."
}
],
"id": "CVE-2023-0481",
"lastModified": "2024-11-21T07:37:15.893",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-24T18:15:14.140",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/30694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/30694"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-378"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-02 17:15
Modified
2024-11-21 05:02
Severity ?
Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC854C9B-84E8-4AAD-91B0-96A9DA0B1FC5",
"versionEndExcluding": "4.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4A0CBA-0BAF-4322-83C5-211ED7254B59",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1B998C-28F3-4F9D-8173-6591981AE52A",
"versionEndExcluding": "1.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289C3121-D30F-45C0-BD0E-F98C61269D74",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
"versionEndExcluding": "9.2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA409CE-EAAE-4B20-ADAB-22E0A8F6063C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84C6CD9A-D0BA-4B37-9FEA-6EE91C83BF75",
"versionEndExcluding": "20.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13209603-DBC5-4B1F-A4FB-04E3C722AB18",
"versionEndExcluding": "20.4.1.407.0006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1BEAE3-B299-433E-A922-7F226B037D87",
"versionEndExcluding": "21.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
},
{
"lang": "es",
"value": "Apache HttpClient versiones anteriores a 4.5.13 y 5.0.3, pueden interpretar inapropiadamente el componente authority malformado en las peticiones URI pasadas ??a la biblioteca como objeto java.net.URI y elegir el host de destino equivocado para una ejecuci\u00f3n de la petici\u00f3n"
}
],
"id": "CVE-2020-13956",
"lastModified": "2024-11-21T05:02:13.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-02T17:15:14.547",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-12 03:15
Modified
2024-11-21 03:20
Severity ?
Summary
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| snakeyaml_project | snakeyaml | * | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| quarkus | quarkus | * | |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5ACA011-C76B-4D54-8DF1-0DCA569EDAA4",
"versionEndExcluding": "1.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD704F-068A-4365-88DD-9ABE77BE8D72",
"versionEndIncluding": "1.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "La funci\u00f3n Alias en SnakeYAML antes de la versi\u00f3n 1.26 permite la expansi\u00f3n de entidades durante una operaci\u00f3n de carga, un problema relacionado con CVE-2003-1564"
}
],
"id": "CVE-2017-18640",
"lastModified": "2024-11-21T03:20:32.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T03:15:10.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-04 16:15
Modified
2024-11-21 05:01
Severity ?
Summary
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postgresql | postgresql_jdbc_driver | * | |
| quarkus | quarkus | * | |
| netapp | steelstore_cloud_integrated_storage | - | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8345E93-0BD6-49FB-A82C-219E72541536",
"versionEndExcluding": "42.2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9BF484-A446-4315-B748-F4723622C464",
"versionEndIncluding": "1.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
},
{
"lang": "es",
"value": "PostgreSQL JDBC Driver (tambi\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE"
}
],
"id": "CVE-2020-13692",
"lastModified": "2024-11-21T05:01:44.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-04T16:15:12.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-26 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1935927 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | resteasy | * | |
| netapp | oncommand_insight | - | |
| quarkus | quarkus | * | |
| oracle | communications_cloud_native_core_console | 1.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB9A229-3B62-487E-B31D-580445DAFE8D",
"versionEndIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D115261-69F8-4854-B5DE-656858132B62",
"versionEndExcluding": "1.13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final.\u0026#xa0;Los nombres de m\u00e9todos y clases de endpoint son devueltos como parte de la respuesta de excepci\u00f3n cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petici\u00f3n a el valor del par\u00e1metro de m\u00e9todo del recurso JAX-RS correspondiente.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos."
}
],
"id": "CVE-2021-20289",
"lastModified": "2024-11-21T05:46:17.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-26T17:15:13.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-02 15:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hibernate | hibernate_orm | * | |
| hibernate | hibernate_orm | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| quarkus | quarkus | * | |
| oracle | communications_cloud_native_core_console | 1.9.0 | |
| oracle | retail_customer_management_and_segmentation_foundation | 19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F836E-0018-4430-9FDD-235EA0F03F8D",
"versionEndExcluding": "5.3.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "355B45AF-42E0-4D63-969F-96FFEF16103B",
"versionEndExcluding": "5.4.24",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1809D7D8-574D-4524-90A6-4C0B163E5630",
"versionEndIncluding": "1.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en hibernate-core en versiones anteriores a 5.4.23.Final incluy\u00e9ndola.\u0026#xa0;Una inyecci\u00f3n SQL en la implementaci\u00f3n de la API de criterios de JPA puede permitir literales no saneados cuando es usado un literal en los comentarios de SQL de la consulta.\u0026#xa0;Este fallo podr\u00eda permitir a un atacante acceder a informaci\u00f3n no autorizada o posiblemente conducir m\u00e1s ataques.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos"
}
],
"id": "CVE-2020-25638",
"lastModified": "2024-11-21T05:18:18.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-02T15:15:12.377",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-06 14:15
Modified
2024-11-21 05:11
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42BBD73E-2B89-48B7-95F0-187128579D86",
"versionEndExcluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD20C55-1888-477C-923F-B25E8B5CD239",
"versionEndIncluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en todas las versiones de Keycloak donde, las p\u00e1ginas en el \u00e1rea Admin Console de la aplicaci\u00f3n, carecen completamente de encabezados de seguridad HTTP generales en las respuestas HTTP. Esto no conlleva directamente a un problema de seguridad, sin embargo podr\u00eda ayudar a atacantes en sus esfuerzos para explotar otros problemas. Los fallos innecesariamente hacen a los servidores m\u00e1s propensos a un secuestro del cliqueo, ataques de degradaci\u00f3n de canal y otros vectores de ataque similares basados en el cliente."
}
],
"id": "CVE-2020-1728",
"lastModified": "2024-11-21T05:11:15.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-06T14:15:12.607",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-358"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 15:15
Modified
2024-11-21 06:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jsoup:jsoup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2FF61F-FB78-426C-9FD0-72A1AB17A92D",
"versionEndExcluding": "1.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
"versionEndIncluding": "14.3.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B772D5-F0BB-4CD4-99D1-B84562D01586",
"versionEndIncluding": "19.0",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCFDDAC-CF84-4259-BA65-98DC5482A0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847E8F6A-6115-4CCB-B16B-5DA8427958C4",
"versionEndExcluding": "19.1.0.0.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes."
},
{
"lang": "es",
"value": "jsoup es una biblioteca Java para trabajar con HTML. Aquellos usando versiones de jsoup anteriores a 1.14.2 para analizar HTML o XML no confiables pueden ser vulnerables a ataques DOS. Si el analizador es ejecutado con una entrada suministrada por el usuario, un atacante puede suministrar contenido que cause que el analizador se atasque (un bucle indefinido hasta que se cancele), para completarse m\u00e1s lentamente de lo habitual o que lance una excepci\u00f3n inesperada. Este efecto puede permitir un ataque de denegaci\u00f3n de servicio. El problema est\u00e1 parcheado en versi\u00f3n 1.14.2. Se presentan algunas soluciones disponibles. Los usuarios pueden limitar el an\u00e1lisis de las entradas, limitar el tama\u00f1o de las entradas en funci\u00f3n de los recursos del sistema, y/o implementar controles de hilos para limitar el tiempo de ejecuci\u00f3n del an\u00e1lisis."
}
],
"id": "CVE-2021-37714",
"lastModified": "2024-11-21T06:15:46.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T15:15:08.023",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jsoup.org/news/release-1.14.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jsoup.org/news/release-1.14.2"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e%40%3Cissues.maven.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0022/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jsoup.org/news/release-1.14.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://jsoup.org/news/release-1.14.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r50e9c9466c592ca9d707a5dea549524d19e3287da08d8392f643960e%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r685c5235235ad0c26e86d0ee987fb802c9675de6081dbf0516464e0b%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r97404676a5cf591988faedb887d64e278f522adcaa823d89ca69defe%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc3354080fc67fb50b45b3c2d12dc4ca2a3c1c78dad3d3ba012c038aa%40%3Cnotifications.james.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
},
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-02 05:15
Modified
2024-11-21 07:24
Severity ?
Summary
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| quarkus | quarkus | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | oncommand_workflow_automation | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0848F177-1977-4C9C-B91A-7374FF25F335",
"versionEndExcluding": "2.12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB48E8E-EB2F-46D1-BD98-982FB3528273",
"versionEndExcluding": "2.13.4",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA36870-3A63-428D-BC49-4924FF75FAAD",
"versionEndExcluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization."
},
{
"lang": "es",
"value": "En FasterXML jackson-databind versiones anteriores a 2.13.4, el agotamiento de los recursos puede ocurrir debido a una falta de comprobaci\u00f3n en BeanDeserializer._deserializeFromArray para impedir el uso de arrays profundamente anidados. Una aplicaci\u00f3n es vulnerable s\u00f3lo con determinadas opciones personalizadas para la deserializaci\u00f3n"
}
],
"id": "CVE-2022-42004",
"lastModified": "2024-11-21T07:24:15.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-02T05:15:09.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-12 22:15
Modified
2024-11-21 06:01
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 | Exploit, Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBD5FF7-3589-474C-8BA7-0385D3E4BC0F",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system\u0027s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only."
},
{
"lang": "es",
"value": "En Gradle versiones anteriores a 7.0, los archivos creados con permisos abiertos en el directorio temporal del sistema pueden permitir a un atacante acceder a la informaci\u00f3n descargada por Gradle.\u0026#xa0;Algunas compilaciones pueden ser vulnerables a una divulgaci\u00f3n de informaci\u00f3n local.\u0026#xa0;Los archivos remotos a los que se accede por medio de TextResourceFactory son descargados primero en el directorio temporal del sistema.\u0026#xa0;Informaci\u00f3n confidencial contenida en estos archivos pueden ser expuestas a otros usuarios locales en el mismo sistema.\u0026#xa0;Si no usa la API \"TextResourceFactory\", no es vulnerable.\u0026#xa0;A partir de Gradle versi\u00f3n 7.0, los usos del directorio temporal del sistema han sido movido al directorio Gradle User Home. Por defecto, este directorio est\u00e1 restringido al usuario que ejecuta la compilaci\u00f3n.\u0026#xa0;Como soluci\u00f3n alternativa, establezca una m\u00e1scara de usuario m\u00e1s restrictiva que elimine el acceso de lectura a otros usuarios.\u0026#xa0;Cuando se crean archivos en el directorio temporal del sistema,\u0026#xa0;no ser\u00e1n accedidos por otros usuarios.\u0026#xa0;Si no puede cambiar la umask de su sistema, puede mover el directorio temporal de Java al configurar el System Property \"java.io.tmpdir\".\u0026#xa0;La nueva ruta debe limitar los permisos solo al usuario de la compilaci\u00f3n"
}
],
"id": "CVE-2021-29429",
"lastModified": "2024-11-21T06:01:04.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-12T22:15:13.320",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-377"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 06:01
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76D1A1A2-F95B-481D-8EAE-9E54EF5B1F1B",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the \"A Confusing Dependency\" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced."
},
{
"lang": "es",
"value": "En Gradle desde versi\u00f3n 5.1 y anterior a la versi\u00f3n 7.0, se presenta una vulnerabilidad que puede conducir a la divulgaci\u00f3n de informaci\u00f3n y/o envenenamiento por dependencia.\u0026#xa0;El filtrado de contenido del repositorio es un control de seguridad que Gradle introdujo para ayudar a los usuarios a especificar qu\u00e9 repositorios se usan para resolver dependencias espec\u00edficas.\u0026#xa0;Esta funci\u00f3n se introdujo a ra\u00edz de la publicaci\u00f3n de blog \"A Confusing Dependency\".\u0026#xa0;En algunos casos, Gradle puede ignorar los filtros de contenido y buscar dependencias en todos los repositorios.\u0026#xa0;Esto solo ocurre cuando el filtrado de contenido del repositorio se usa dentro de un bloque `pluginManagement` en un archivo de configuraci\u00f3n.\u0026#xa0;Esto puede cambiar la forma en que se resuelven las dependencias para los plugins de Gradle y los scripts de compilaci\u00f3n.\u0026#xa0;Para las compilaciones que son vulnerables, existen dos riesgos: 1) Divulgaci\u00f3n de informaci\u00f3n:\u0026#xa0;Gradle podr\u00eda realizar peticiones de dependencia a repositorios fuera de su organizaci\u00f3n y filtrar identificadores de paquetes internos.\u0026#xa0;2) Envenenamiento por Dependencia / Confusi\u00f3n de Dependencia: Gradle podr\u00eda descargar un binario malicioso de un repositorio fuera de su organizaci\u00f3n debido a la ocupaci\u00f3n ilegal de nombres.\u0026#xa0;Para obtener un ejemplo completo y m\u00e1s detalles, consulte el Aviso de seguridad de GitHub al que se hace referencia.\u0026#xa0;El problema se ha corregido y publicado con Gradle versi\u00f3n 7.0.\u0026#xa0;Los usuarios que conf\u00edan en esta funci\u00f3n deben actualizar su compilaci\u00f3n lo antes posible.\u0026#xa0;Como soluci\u00f3n alternativa, los usuarios pueden utilizar un repositorio de la empresa que tenga las reglas adecuadas para recuperar paquetes de repositorios p\u00fablicos, o utilizar el filtrado de contenido del repositorio a nivel de proyecto, dentro de `buildscript.repositories`.\u0026#xa0;Esta opci\u00f3n est\u00e1 disponible desde Gradle versi\u00f3n 5.1 cuando se introdujo la funci\u00f3n"
}
],
"id": "CVE-2021-29427",
"lastModified": "2024-11-21T06:01:04.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T20:15:21.703",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 15:15
Modified
2024-11-21 06:14
Severity ?
Summary
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF41DE29-2A17-4085-9F00-811E461E36EC",
"versionEndExcluding": "4.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*",
"matchCriteriaId": "701B1B1D-A36F-4B73-B16D-F6574DF43754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CE14F1-7E98-4C3B-A817-C54273F23464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*",
"matchCriteriaId": "7C098860-0862-4C5B-8EE4-9469D5D01815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack"
},
{
"lang": "es",
"value": "La funci\u00f3n Bzip2 decompression decoder no permite establecer restricciones de tama\u00f1o en los datos de salida descomprimidos (lo que afecta al tama\u00f1o de asignaci\u00f3n usado durante la descompresi\u00f3n). Todos los usuarios de Bzip2Decoder est\u00e1n afectados. La entrada maliciosa puede desencadenar un OOME y as\u00ed un ataque de DoS"
}
],
"id": "CVE-2021-37136",
"lastModified": "2024-11-21T06:14:42.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T15:15:07.697",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 14:15
Modified
2024-11-21 08:42
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-5720 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2245700 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-5720 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2245700 | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C787DE6A-4365-4B6E-A6A7-A92EB9BFE60A",
"versionEndExcluding": "3.2.8",
"versionStartIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:3.0.0:candidate_release1:*:*:*:*:*:*",
"matchCriteriaId": "8232F2FC-E50E-43FE-9666-3BE3BE9BF40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:3.0.0:candidate_release2:*:*:*:*:*:*",
"matchCriteriaId": "FCDBF169-8132-4EDE-8F37-70400502676A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Quarkus, donde no sanitiza adecuadamente los artefactos creados con el complemento Gradle, lo que permite que permanezca cierta informaci\u00f3n del sistema de compilaci\u00f3n. Esta falla permite a un atacante acceder a informaci\u00f3n potencialmente confidencial desde el sistema de compilaci\u00f3n dentro de la aplicaci\u00f3n."
}
],
"id": "CVE-2023-5720",
"lastModified": "2024-11-21T08:42:21.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T14:15:07.900",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5720"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245700"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-526"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-04 11:15
Modified
2024-11-21 07:39
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E10BE3-2878-4766-81B6-F20A28986885",
"versionEndExcluding": "2.13.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un defecto en Quarkus. Quarkus OIDC puede filtrar tanto ID como tokens de acceso en el flujo del c\u00f3digo de autorizaci\u00f3n cuando se utiliza un protocolo HTTP inseguro, lo que puede permitir a los atacantes acceder a datos confidenciales del usuario directamente desde el token de ID o utilizando el token de acceso para acceder a los datos del usuario desde los servicios del proveedor OIDC. . Tenga en cuenta que las contrase\u00f1as no se almacenan en tokens de acceso."
}
],
"id": "CVE-2023-1584",
"lastModified": "2024-11-21T07:39:29.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T11:15:09.770",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:3809"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1584"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180886"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/32192"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/33414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:3809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/32192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/quarkusio/quarkus/pull/33414"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-09 19:15
Modified
2024-11-21 06:29
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netty | netty | * | |
| quarkus | quarkus | * | |
| netapp | oncommand_workflow_automation | - | |
| netapp | snapcenter | - | |
| oracle | banking_deposits_and_lines_of_credit_servicing | 2.7 | |
| oracle | banking_party_management | 2.7.0 | |
| oracle | banking_platform | 2.6.2 | |
| oracle | coherence | 12.2.1.4.0 | |
| oracle | coherence | 14.1.1.0.0 | |
| oracle | communications_cloud_native_core_binding_support_function | 1.11.0 | |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.8.0 | |
| oracle | communications_cloud_native_core_policy | 1.15.0 | |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | |
| oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 | |
| oracle | communications_design_studio | 7.4.2 | |
| oracle | communications_instant_messaging_server | 8.1 | |
| oracle | helidon | 1.4.10 | |
| oracle | helidon | 2.4.0 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F63C0F0C-1D4C-4383-820A-9325DE306780",
"versionEndExcluding": "4.1.71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9050DC4B-0A83-436F-9AE5-6DC28EC7F69D",
"versionEndExcluding": "2.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED63D221-31FA-480F-802F-844334F429F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A67AA54B-258D-4D09-9ACB-4085E0B3E585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CE14F1-7E98-4C3B-A817-C54273F23464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to \"sanitize\" header names before it forward these to another remote system when used as proxy. This remote system can\u0027t see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final."
},
{
"lang": "es",
"value": "Netty es un marco de trabajo de aplicaciones de red as\u00edncronas impulsadas por eventos para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles. Netty antes de la versi\u00f3n 4.1.71.Final omite los caracteres de control cuando est\u00e1n presentes al principio/fin del nombre de la cabecera. En su lugar, deber\u00eda fallar r\u00e1pidamente ya que estos no est\u00e1n permitidos por la especificaci\u00f3n y podr\u00edan llevar a un contrabando de peticiones HTTP. No hacer la validaci\u00f3n podr\u00eda causar que netty \"sanee\" los nombres de las cabeceras antes de reenviarlas a otro sistema remoto cuando se usa como proxy. Este sistema remoto ya no puede ver el uso inv\u00e1lido, y por lo tanto no hace la validaci\u00f3n por s\u00ed mismo. Los usuarios deben actualizar a la versi\u00f3n 4.1.71.Final"
}
],
"id": "CVE-2021-43797",
"lastModified": "2024-11-21T06:29:48.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-09T19:15:07.960",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220107-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 15:15
Modified
2024-11-21 06:14
Severity ?
Summary
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF41DE29-2A17-4085-9F00-811E461E36EC",
"versionEndExcluding": "4.1.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk."
},
{
"lang": "es",
"value": "La funci\u00f3n Snappy frame decoder no restringe la longitud de los trozos, lo que puede conllevar a un uso excesivo de memoria. Adem\u00e1s, tambi\u00e9n puede almacenar en el b\u00fafer trozos omitibles reservados hasta que se reciba el trozo completo, lo que tambi\u00e9n puede conllevar a un uso excesivo de memoria. Esta vulnerabilidad puede desencadenarse al suministrar una entrada maliciosa que se descomprime a un tama\u00f1o muy grande (por medio de un flujo de red o un archivo) o mediante el env\u00edo de un trozo omitido enorme"
}
],
"id": "CVE-2021-37137",
"lastModified": "2024-11-21T06:14:43.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T15:15:07.757",
"references": [
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "reefs@jfrog.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "reefs@jfrog.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "reefs@jfrog.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-10 23:15
Modified
2024-11-21 05:39
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| guava | * | ||
| quarkus | quarkus | * | |
| oracle | commerce_guided_search | 11.3.2 | |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.2.1 | |
| oracle | communications_pricing_design_center | 12.0.0.4.0 | |
| oracle | communications_pricing_design_center | 12.0.0.5.0 | |
| oracle | data_integrator | 12.2.1.3.0 | |
| oracle | data_integrator | 12.2.1.4.0 | |
| oracle | nosql_database | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | retail_customer_management_and_segmentation_foundation | * | |
| oracle | weblogic_server | 14.1.1.0.0 | |
| oracle | communications_cloud_native_core_network_repository_function | 1.14.0 | |
| oracle | primavera_unifier | * | |
| oracle | primavera_unifier | 18.8 | |
| oracle | primavera_unifier | 19.12 | |
| oracle | primavera_unifier | 20.12 | |
| oracle | primavera_unifier | 21.12 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FA9B26-6D87-4FE1-B719-EC4770B5418D",
"versionEndExcluding": "32.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89306BA8-9E5C-49F6-AB32-B78BE1D831F0",
"versionEndExcluding": "1.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "129CA55C-C770-4D42-BD17-9011F3AC93C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime\u0027s java.io.tmpdir system property to point to a location whose permissions are appropriately configured.\n\n"
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en la creaci\u00f3n de directorios temporales en todas las versiones de Guava, que permite a un atacante con acceso a la m\u00e1quina acceder potencialmente a los datos de un directorio temporal creado por la API de Guava com.google.common.io.Files.createTempDir(). Por defecto, en los sistemas de tipo unix, el directorio creado es legible por el mundo (legible por un atacante con acceso al sistema). El m\u00e9todo en cuesti\u00f3n ha sido marcado como @Deprecated en las versiones 30.0 y posteriores y no debe ser utilizado. Para los desarrolladores de Android, recomendamos elegir una API de directorio temporal proporcionada por Android, como context.getCacheDir(). Para otros desarrolladores de Java, recomendamos migrar a la API de Java 7 java.nio.file.Files.createTempDirectory() que configura expl\u00edcitamente los permisos de 700, o configurar la propiedad del sistema java.io.tmpdir del tiempo de ejecuci\u00f3n de Java para que apunte a una ubicaci\u00f3n cuyos permisos est\u00e9n configurados adecuadamente"
}
],
"id": "CVE-2020-8908",
"lastModified": "2024-11-21T05:39:40.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-10T23:15:13.973",
"references": [
{
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/google/guava/issues/4011"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/google/guava/issues/4011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-378"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-13 19:15
Modified
2024-11-21 05:11
Severity ?
Summary
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://github.com/keycloak/keycloak/pull/7053 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/keycloak/keycloak/pull/7053 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | keycloak | * | |
| redhat | decision_manager | 7.0 | |
| redhat | jboss_fuse | 7.0.0 | |
| redhat | openshift_application_runtimes | - | |
| redhat | process_automation | 7.0 | |
| redhat | single_sign-on | 7.0 | |
| quarkus | quarkus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255305D5-BC40-46ED-9937-1904D210885F",
"versionEndExcluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD20C55-1888-477C-923F-B25E8B5CD239",
"versionEndIncluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution."
},
{
"lang": "es",
"value": "Se detect\u00f3 un fallo en Keycloak versiones anteriores a 11.0.0, donde la base de c\u00f3digo contiene usos de la funci\u00f3n ObjectInputStream sin ning\u00fan tipo de comprobaciones. Este fallo permite a un atacante inyectar Objetos Java serializados arbitrariamente, que luego se deserializar\u00e1n en un contexto privilegiado y conlleva potencialmente a una ejecuci\u00f3n de c\u00f3digo remota."
}
],
"id": "CVE-2020-1714",
"lastModified": "2024-11-21T05:11:13.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-13T19:15:11.987",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/keycloak/keycloak/pull/7053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/keycloak/keycloak/pull/7053"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-22 19:15
Modified
2024-11-21 07:34
Severity ?
Summary
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-4116 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-4116 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB3AE2B-D316-41BD-B3C5-BEBA5D6F37AC",
"versionEndExcluding": "2.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C2280D-5F0E-4E86-BA5B-0121A284B836",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los quarkus. Esta falla de seguridad ocurre en Dev UI Config Editor, que es vulnerable a ataques de host local que conducen a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2022-4116",
"lastModified": "2024-11-21T07:34:36.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-22T19:15:18.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4116"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 21:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1899354 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210702-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1899354 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210702-0003/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11F11745-4735-43A8-B94B-F262E3248225",
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "C58E1EC1-8340-422E-99F3-CCDB290AD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "3FA3AD77-B58D-4F0F-A6BF-CAA2E5F41D91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72CAE44C-9314-4931-82DE-F8F5C8787C3D",
"versionEndExcluding": "1.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en RESTEasy, donde es proporcionada una respuesta incorrecta para una petici\u00f3n HTTP.\u0026#xa0;Este fallo permite a un atacante conseguir acceso a informaci\u00f3n privilegiada.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad y la integridad.\u0026#xa0;Las versiones anteriores a resteasy versi\u00f3n 2.0.0.Alpha3 est\u00e1n afectadas"
}
],
"id": "CVE-2020-25724",
"lastModified": "2024-11-21T05:18:35.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T21:15:08.107",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-567"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-06 19:15
Modified
2024-11-21 04:27
Severity ?
Summary
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0960BC3-6311-47BC-8A26-64352815D61D",
"versionEndExcluding": "5.3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6F089C-BBE4-4E11-BAC8-3CD6ADE1CA28",
"versionEndExcluding": "5.4.18",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "C4724F20-5376-4FB0-8DFA-A75004E2F60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:fuse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE29E03D-4680-49E1-8DB4-17B2705E9FBF",
"versionEndExcluding": "7.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:*",
"matchCriteriaId": "434B744A-9665-4340-B02D-7923FCB2B562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9BF484-A446-4315-B748-F4723622C464",
"versionEndIncluding": "1.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "645A908C-18C2-4AB1-ACE7-3969E3A552A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Hibernate ORM en versiones anteriores a 5.3.18, 5.4.18 y 5.5.0.Beta1. Una inyecci\u00f3n SQL en la implementaci\u00f3n de la API JPA Criteria puede permitir literales no saneados cuando es usado un literal en las partes de la consulta SELECT o GROUP BY. Este fallo podr\u00eda permitir a un atacante acceder a informaci\u00f3n no autorizada o posiblemente conducir a nuevos ataques"
}
],
"id": "CVE-2019-14900",
"lastModified": "2024-11-21T04:27:38.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-06T19:15:12.230",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0020/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-02 05:15
Modified
2024-11-21 07:24
Severity ?
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| quarkus | quarkus | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | oncommand_workflow_automation | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0848F177-1977-4C9C-B91A-7374FF25F335",
"versionEndExcluding": "2.12.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B",
"versionEndExcluding": "2.13.4.1",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8",
"versionEndExcluding": "2.13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
},
{
"lang": "es",
"value": "En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1"
}
],
"id": "CVE-2022-42003",
"lastModified": "2024-11-21T07:24:15.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-02T05:15:09.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-09 02:15
Modified
2024-11-21 08:43
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quarkus | quarkus | * | |
| redhat | build_of_quarkus | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA9910B-385F-4727-9B6C-CFD2EB67DD31",
"versionEndExcluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un defecto en Quarkus. Este problema ocurre cuando se recibe una solicitud a trav\u00e9s de websocket sin ning\u00fan permiso basado en roles especificado en la operaci\u00f3n GraphQL, Quarkus procesa la solicitud sin autenticaci\u00f3n a pesar de que el endpoint est\u00e1 protegido. Esto puede permitir que un atacante acceda a informaci\u00f3n y funcionalidad fuera de los permisos API normales otorgados."
}
],
"id": "CVE-2023-6394",
"lastModified": "2024-11-21T08:43:46.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-09T02:15:06.747",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7612"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7700"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6394"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252197"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-03 17:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C23395F-4438-4B80-9DA6-87E760F7459A",
"versionEndExcluding": "2.6.7.4",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7703D07D-5784-47D1-9391-D376A24D7C5A",
"versionEndExcluding": "2.9.10.7",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C07803-813B-4AAC-9C08-9EB83756F16B",
"versionEndExcluding": "2.10.5.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFFB9C4-DE43-4ADC-B1C7-6F034741D9C3",
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C798AD5-AAF5-4044-B348-336F4CFA86CF",
"versionEndExcluding": "0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "180F3D2A-7E7A-4DE9-9792-942CB3D6B51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1BC31C-6016-42A8-9517-2FBBC92620CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4012B512-DB7D-476A-93A6-51054DD6E3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28AD22B9-A037-419C-8D72-8B062E6882FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2051BA9E-E635-47D5-B942-8AC26E9487CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA81FC1-63E1-479F-941C-930351E43010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDB3D8B-1D04-4345-BB27-723186719CBD",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A366B8-1B5C-4C9E-A761-1AB1547D7404",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCA7DD9-8599-4E43-9D82-999BE15483B9",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6951D244-845C-4BF2-AC75-F226B0C39C77",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A932C79-8646-4023-9C12-9C7A2A6840EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BBA303-8D2B-48C5-B52A-4E192166699C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en FasterXML Jackson Databind, donde no ten\u00eda la expansi\u00f3n de entidad asegurada apropiadamente. Este fallo permite una vulnerabilidad a ataques de tipo XML external entity (XXE). La mayor amenaza de esta vulnerabilidad es la integridad de los datos"
}
],
"id": "CVE-2020-25649",
"lastModified": "2024-11-21T05:18:20.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-03T17:15:12.503",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 19:15
Modified
2024-11-21 05:47
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netty | netty | * | |
| netapp | oncommand_api_services | - | |
| netapp | oncommand_workflow_automation | - | |
| debian | debian_linux | 10.0 | |
| quarkus | quarkus | * | |
| apache | kudu | * | |
| apache | zookeeper | 3.5.9 | |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "635A35A3-F02B-44CC-BB81-48C97F1612B1",
"versionEndExcluding": "4.1.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64839EBF-078E-492A-897C-9AFFB7678ED8",
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:kudu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A868228B-8AA3-4A4D-B3B4-9344854B94F2",
"versionEndExcluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:zookeeper:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D906AE-B5F6-4CD6-8018-F6FFF7A49913",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`."
},
{
"lang": "es",
"value": "Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y controlado por eventos as\u00edncronos para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty (io.netty: netty-codec-http2) versiones anteriores a la versi\u00f3n 4.1.60.Final, se presenta una vulnerabilidad que permite el tr\u00e1fico de peticiones.\u0026#xa0;Si existe un encabezado Content-Length en la petici\u00f3n HTTP/2 original, el campo no es comprobado por \"Http2MultiplexHandler\" a medida que se propaga.\u0026#xa0;Esto est\u00e1 bien siempre que la petici\u00f3n no se transmita como HTTP/1.1.\u0026#xa0;Si la petici\u00f3n llega como una secuencia HTTP/2, se convierte en los objetos de dominio HTTP/1.1 (\"HttpRequest\", \"HttpContent\", etc.) por medio de \"Http2StreamFrameToHttpObjectCodec\" y luego se env\u00eda al pipeline del canal secundario y al proxy mediante un peer remoto como HTTP/1.1, esto puede resultar en el tr\u00e1fico de peticiones.\u0026#xa0;En un caso de proxy,\u0026#xa0;los usuarios pueden asumir que la longitud del contenido est\u00e1 comprobada de alguna forma, lo que no es el caso.\u0026#xa0;Si la petici\u00f3n se reenv\u00eda a un canal de backend que es una conexi\u00f3n HTTP/1.1, la longitud del contenido ahora tiene significado y debe verificarse.\u0026#xa0;Un atacante puede traficar peticiones dentro del cuerpo a medida que se degrada de HTTP/2 a HTTP/1.1.\u0026#xa0;Para visualizar un ejemplo de ataque, consulte el Aviso de GitHub vinculado.\u0026#xa0;Los usuarios solo est\u00e1n afectados si todo esto es cierto: se usa \"HTTP2MultiplexCodec\" o \"Http2FrameCodec\", se usa \"Http2StreamFrameToHttpObjectCodec\" para convertir a objetos HTTP/1.1, y estos objetos HTTP/1.1 se reenv\u00edan a otro par remoto.\u0026#xa0;Esto ha sido parcheado en la versi\u00f3n 4.1.60.Final. Como soluci\u00f3n, el usuario puede hacer la comprobaci\u00f3n por s\u00ed mismo implementando un \"ChannelInboundHandler\" personalizado que se coloca en el \"ChannelPipeline\" detr\u00e1s de \"Http2StreamFrameToHttpObjectCodec\""
}
],
"id": "CVE-2021-21295",
"lastModified": "2024-11-21T05:47:57.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T19:15:12.657",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/zuul/pull/980"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd%40%3Cdev.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8%40%3Ccommits.hbase.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/zuul/pull/980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r15f66ada9a5faf4bac69d9e7c4521cedfefa62df9509881603791969%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r16c4b55ac82be72f28adad4f8061477e5f978199d5725691dcc82c24%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1bca0b81193b74a451fc6d687ab58ef3a1f5ec40f6c61561d8dd9509%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r22b2f34447d71c9a0ad9079b7860323d5584fb9b40eb42668c21eaf1%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r268850f26639ebe249356ed6d8edb54ee8943be6f200f770784fb190%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r27b7e5a588ec826b15f38c40be500c50073400019ce7b8adfd07fece%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2e93ce23e04c3f0a61e987d1111d0695cb668ac4ec4edbf237bd3e80%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r312ce5bd3c6bf08c138349b507b6f1c25fe9cf40b6f2b0014c9d12b1%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r393a339ab0b63ef9e6502253eeab26e7643b3e69738d5948b2b1d064%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3c293431c781696681abbfe1c573c2d9dcdae6fd3ff330ea22f0433f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3c4596b9b37f5ae91628ccf169d33cd5a0da4b16b6c39d5bad8e03f3%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3ff9e735ca33612d900607dc139ebd38a64cadc6bce292e53eb86d7f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5fc5786cdd640b1b0a3c643237ce0011f0a08a296b11c0e2c669022c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r67e6a636cbc1958383a1cd72b7fd0cd7493360b1dd0e6c12f5761798%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6aee7e3566cb3e51eeed2fd8786704d91f80a7581e00a787ba9f37f6%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r70cebada51bc6d49138272437d8a28fe971d0197334ef906b575044c%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r86cd38a825ab2344f3e6cad570528852f29a4ffdf56ab67d75c36edf%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8bcaf7821247b1836b10f6a1a3a3212b06272fd4cde4a859de1b78cf%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9051e4f484a970b5566dc1870ecd9c1eb435214e2652cf3ea4d0c0cc%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r905b92099998291956eebf4f1c5d95f5a0cbcece2946cc46d32274fd%40%3Cdev.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r96ce18044880c33634c4b3fcecc57b8b90673c9364d63eba00385523%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra83096bcbfe6e1f4d54449f8a013117a0536404e9d307ab4a0d34f81%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra96c74c37ed7252f78392e1ad16442bd16ae72a4d6c8db50dd55c88b%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/racc191a1f70a4f13155e8002c61bddef2870b26441971c697436ad5d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rae198f44c3f7ac5264045e6ba976be1703cff38dcf1609916e50210d%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb95d42ce220ed4a4683aa17833b5006d657bc4254bc5cb03cd5e6bfb%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbadcbcb50195f00bbd196403865ced521ca70787999583c07be38d0e%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc165e36ca7cb5417aec3f21bbc4ec00fb38ecebdd96a82cfab9bd56f%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc73b8dd01b1be276d06bdf07883ecd93fe1a01f139a99ef30ba4308c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcf3752209a8b04996373bf57fdc808b3bfaa2be8702698a0323641f8%40%3Ccommits.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcfc154eb2de23d2dc08a56100341161e1a40a8ea86c693735437e8f2%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcfc535afd413d9934d6ee509dce234dac41fa3747a7555befb17447e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd25c88aad0e76240dd09f0eb34bdab924933946429e068a167adcb73%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdb4db3f5a9c478ca52a7b164680b88877a5a9c174e7047676c006b2c%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdc096e13ac4501ea2e2b03a197682a313b85d3d3ec89d5ae5551b384%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re4f70b62843e92163fab03b65e2aa8078693293a0c36f1cc260079ed%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re6207ebe2ca4d44f2a6deee695ad6f27fd29d78980f1d46ed1574f91%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/reafc834062486adfc7be5bb8f7b7793be0d33f483678a094c3f9d468%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf87b870a22aa5c77c27900967b518a71a7d954c2952860fce3794b60%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 06:22
Severity ?
Summary
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1981407 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | wildfly_elytron | * | |
| redhat | wildfly_elytron | * | |
| redhat | wildfly_elytron | * | |
| redhat | build_of_quarkus | - | |
| redhat | codeready_studio | 12.0 | |
| redhat | data_grid | 8.0 | |
| redhat | descision_manager | 7.0 | |
| redhat | integration_camel_k | - | |
| redhat | integration_camel_quarkus | * | |
| redhat | jboss_enterprise_application_platform | 7.0.0 | |
| redhat | jboss_enterprise_application_platform_expansion_pack | - | |
| redhat | jboss_fuse | 7.0.0 | |
| redhat | openshift_application_runtimes | - | |
| redhat | process_automation | 7.0 | |
| quarkus | quarkus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB7C68F-D18A-4F07-8505-4B116A719CE3",
"versionEndExcluding": "1.10.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84CCC98-0A89-4B0E-BBBF-D31F274454E8",
"versionEndExcluding": "1.15.5",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23DE02D1-460C-4EE2-B7CA-E8FF2BAB928D",
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAF877F-B8D5-4313-AC5C-26BB82006B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7095200A-4DAC-4433-99E8-86CA88E1E4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5863BBF-829E-44EF-ACE8-61D5037251F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FC54571-8F52-434F-BE20-96ECFC7195F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68DC3D37-B532-4EEC-8D38-2710EBE2F85B",
"versionEndIncluding": "2.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality."
},
{
"lang": "es",
"value": "Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si est\u00e1 habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad."
}
],
"id": "CVE-2021-3642",
"lastModified": "2024-11-21T06:22:03.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:13.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981407"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-08 20:15
Modified
2024-11-21 05:47
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E687331-EF1E-42A3-8CCD-8F231E48F79C",
"versionEndExcluding": "4.1.59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64839EBF-078E-492A-897C-9AFFB7678ED8",
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E14324D-B9EE-4C06-ACC7-255189ED6300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEBB60F-6EAB-4AE5-B777-5044C657FBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B185C1EA-71E6-4972-8637-08A33CC00841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A67AA54B-258D-4D09-9ACB-4085E0B3E585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
"versionEndExcluding": "20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method \"File.createTempFile\" on unix-like systems creates a random file, but, by default will create this file with the permissions \"-rw-r--r--\". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty\u0027s \"AbstractDiskHttpData\" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own \"java.io.tmpdir\" when you start the JVM or use \"DefaultHttpDataFactory.setBaseDir(...)\" to set the directory to something that is only readable by the current user."
},
{
"lang": "es",
"value": "Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y as\u00edncrono controlado por eventos para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty anterior a la versi\u00f3n 4.1.59.Final, se presenta una vulnerabilidad en sistemas similares a Unix que involucra un archivo temporal no seguro.\u0026#xa0;Cuando se usan los decodificadores multiparte de netty, la divulgaci\u00f3n de informaci\u00f3n local puede ocurrir por medio del directorio temporal del sistema local si el almacenamiento temporal de cargas en el disco est\u00e1 habilitado.\u0026#xa0;En sistemas tipo Unix, el directorio temporal se comparte entre todos los usuarios.\u0026#xa0;Tal y como, escribir en este directorio utilizando las API que no establezcan expl\u00edcitamente los permisos de archivo/directorio puede conducir a una divulgaci\u00f3n de informaci\u00f3n.\u0026#xa0;Cabe se\u00f1alar que esto no afecta a los sistemas operativos MacOS modernos.\u0026#xa0;El m\u00e9todo \"File.createTempFile\" en sistemas similares a Unix crea un archivo aleatorio, pero,\u0026#xa0;por defecto crear\u00e1 este archivo con los permisos \"-rw-r - r--\".\u0026#xa0;Por lo tanto, si se escribe informaci\u00f3n confidencial en este archivo, otros usuarios locales pueden leer esta informaci\u00f3n.\u0026#xa0;Este es el caso en el que \"AbstractDiskHttpData\" de netty es vulnerable.\u0026#xa0;Esto ha sido corregido en la versi\u00f3n 4.1.59.Final.\u0026#xa0;Como soluci\u00f3n alternativa, se puede especificar su propio \"java.io.tmpdir\" al iniciar la JVM o utilizar \"DefaultHttpDataFactory.setBaseDir(...)\" para establecer el directorio en algo que solo el usuario actual pueda leer"
}
],
"id": "CVE-2021-21290",
"lastModified": "2024-11-21T05:47:56.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-08T20:15:12.433",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0011/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020%40%3Cdev.tinkerpop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29%40%3Cusers.activemq.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-378"
},
{
"lang": "en",
"value": "CWE-379"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-18 19:15
Modified
2024-11-21 05:18
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27485916-36BB-4E37-BA15-97F6B349AE76",
"versionEndExcluding": "3.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5E7D12-6900-4E56-BA10-EE19CF8BD9C3",
"versionEndIncluding": "4.5.6",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9495583C-505E-4AAB-BE79-1EBAC1DB247B",
"versionEndIncluding": "1.11.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server\u0027s potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el cliente RESTEasy en todas las versiones de RESTEasy hasta 4.5.6.Final.\u0026#xa0;Puede permitir a usuarios del cliente obtener informaci\u00f3n potencialmente confidencial del servidor cuando el servidor obtuvo una WebApplicationException de la llamada del cliente RESTEasy.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos"
}
],
"id": "CVE-2020-25633",
"lastModified": "2024-11-21T05:18:17.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T19:15:16.340",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 15:15
Modified
2024-11-21 05:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC283248-0EB5-46CA-A68C-4FF004D606F8",
"versionEndExcluding": "4.1.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E14324D-B9EE-4C06-ACC7-255189ED6300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEBB60F-6EAB-4AE5-B777-5044C657FBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B185C1EA-71E6-4972-8637-08A33CC00841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "040DA31B-2A0C-46F6-8EDF-9B88F9FB0F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE34D4F7-5C18-4578-8D0A-722FDF931333",
"versionEndExcluding": "9.2.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7167D144-C4AE-487F-B59A-888E10EA59DF",
"versionEndExcluding": "21.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64839EBF-078E-492A-897C-9AFFB7678ED8",
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
},
{
"lang": "es",
"value": "Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y as\u00edncrono event-driven para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty (io.netty:netty-codec-http2) versiones anteriores a 4.1.61.Final se presenta una vulnerabilidad que permite el trafico no autorizado de peticiones.\u0026#xa0;El encabezado content-length no es comprobado correctamente si la petici\u00f3n solo usa un \u00fanico Http2HeaderFrame con endStream establecido en verdadero.\u0026#xa0;Esto podr\u00eda conllevar al trafico no autorizado de peticiones si la petici\u00f3n se env\u00eda a un peer remoto y se traduce a HTTP/1.1.\u0026#xa0;Este es un seguimiento de GHSA-wm47-8v5p-wjpj/CVE-2021-21295 que no pudo solucionar este caso.\u0026#xa0;Esto se corrigi\u00f3 como parte de la versi\u00f3n 4.1.61.Final."
}
],
"id": "CVE-2021-21409",
"lastModified": "2024-11-21T05:48:17.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T15:15:14.573",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-25 17:15
Modified
2024-11-21 05:46
Severity ?
6.4 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@mongodb.com | https://jira.mongodb.org/browse/JAVA-4017 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.mongodb.org/browse/JAVA-4017 | Issue Tracking, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mongodb | java_driver | * | |
| mongodb | java_driver | * | |
| mongodb | java_driver | * | |
| mongodb | java_driver | * | |
| mongodb | java_driver | * | |
| quarkus | quarkus | * | |
| quarkus | quarkus | 1.13.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*",
"matchCriteriaId": "A7269E59-8D72-4459-92D0-C7B725ED290A",
"versionEndExcluding": "3.11.3",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*",
"matchCriteriaId": "564EEC7B-9969-45F8-A358-8034DCEDCE5E",
"versionEndExcluding": "3.12.8",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*",
"matchCriteriaId": "97F149A2-F169-40CB-974D-91C6AB2D49DD",
"versionEndExcluding": "4.0.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*",
"matchCriteriaId": "B7E4EF7D-C0F9-4B91-B7FE-5295F91AA108",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:java_driver:*:*:*:*:*:mongodb:*:*",
"matchCriteriaId": "482332D0-4581-459D-A187-063F5BDEA2FF",
"versionEndExcluding": "4.2.1",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5D8178-3D1D-4AFE-80A3-7B68BF24E420",
"versionEndExcluding": "1.13.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:1.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9EEC47CA-B2E0-437D-B8BF-C0DA5713BFB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server\u2019s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don\u2019t use Field Level Encryption."
},
{
"lang": "es",
"value": "Las versiones espec\u00edficas del controlador de Java que soportan el client-side field level encryption (CSFLE) presentan un fallo al realizar una comprobaci\u00f3n correcta del nombre del host en el certificado del servidor KMS. Esta vulnerabilidad, en combinaci\u00f3n con un ataque MITM activo en una posici\u00f3n de red privilegiada, podr\u00eda resultar en una interceptaci\u00f3n del tr\u00e1fico entre el controlador de Java y el servicio KMS, haciendo que el cifrado a nivel de campo sea ineficaz. Este problema se detect\u00f3 durante las pruebas internas y afecta a todas las versiones del controlador de Java que soportan CSFLE. Los controladores Java async, Scala y flujos reactivos no est\u00e1n afectados. Esta vulnerabilidad no afecta a las cargas de tr\u00e1fico del controlador con servicios clave compatibles con CSFLE que se originan en aplicaciones que residen dentro de los tejidos de red de AWS, GCP y Azure debido a los controles de compensaci\u00f3n en estos entornos. Este problema no afecta a las cargas de trabajo de los controladores que no usan Field Level Encryption"
}
],
"id": "CVE-2021-20328",
"lastModified": "2024-11-21T05:46:23.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "cna@mongodb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-25T17:15:28.303",
"references": [
{
"source": "cna@mongodb.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://jira.mongodb.org/browse/JAVA-4017"
}
],
"sourceIdentifier": "cna@mongodb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "cna@mongodb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-31 16:15
Modified
2024-11-21 07:01
Severity ?
Summary
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/quarkusio/quarkus/issues/26748 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/quarkusio/quarkus/issues/26748 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10673B6C-4242-4C0A-9CC2-888ACF185D66",
"versionEndExcluding": "2.10.4",
"versionStartIncluding": "2.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior."
},
{
"lang": "es",
"value": "Se ha detectado que Quarkus versi\u00f3n 2.10.x, no termina el contexto de el encabezado de las peticiones HTTP, lo que puede conllevar a un comportamiento imprevisible"
}
],
"id": "CVE-2022-2466",
"lastModified": "2024-11-21T07:01:02.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T16:15:10.943",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/quarkusio/quarkus/issues/26748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/quarkusio/quarkus/issues/26748"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-06 19:15
Modified
2024-11-21 07:34
Severity ?
Summary
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-4147 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-4147 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "258F3A5C-C12A-4F88-9F60-EF293D9C00DA",
"versionEndExcluding": "2.13.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C2280D-5F0E-4E86-BA5B-0121A284B836",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request."
},
{
"lang": "es",
"value": "El filtro Quarkus CORS permite que contin\u00faen solicitudes GET y POST simples con origen no v\u00e1lido. Las solicitudes GET o POST simples realizadas con XMLHttpRequest son aquellas que no tienen detectores de eventos registrados en el objeto devuelto por la propiedad de carga XMLHttpRequest y no tienen ning\u00fan objeto ReadableStream utilizado en la solicitud."
}
],
"id": "CVE-2022-4147",
"lastModified": "2024-11-21T07:34:40.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-06T19:15:10.613",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4147"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1026"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-06 14:15
Modified
2024-11-21 04:55
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | hibernate_validator | * | |
| redhat | hibernate_validator | * | |
| redhat | hibernate_validator | 7.0.0 | |
| ibm | websphere_application_server | * | |
| redhat | jboss_enterprise_application_platform | 7.2.0 | |
| redhat | jboss_enterprise_application_platform | 7.3.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | satellite | 6.8 | |
| redhat | satellite_capsule | 6.8 | |
| quarkus | quarkus | * | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC03ED08-C2B3-4871-9217-39EDDF6314E9",
"versionEndExcluding": "6.0.20",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB865C4-682A-4471-9DCC-4AF53FBAF795",
"versionEndExcluding": "6.1.5",
"versionStartIncluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:hibernate_validator:7.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "CD694646-E837-4704-8E22-4E67F9F7B62C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*",
"matchCriteriaId": "5E3A3BE5-0B6D-456C-802B-46DEE26E7E07",
"versionEndIncluding": "20.0.0.10",
"versionStartIncluding": "17.0.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B157A2D-3422-4224-82D9-15AB3B989075",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F44842C9-AC91-400D-BF0D-26E8012BDDCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite_capsule:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49E2F8D1-068A-4367-ADE0-32E71D6AA831",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD20C55-1888-477C-923F-B25E8B5CD239",
"versionEndIncluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Hibernate Validator versi\u00f3n 6.1.2.Final. Un error en el procesador de interpolaci\u00f3n de mensajes permite evaluar expresiones EL no v\u00e1lidas como si fueran v\u00e1lidas. Este fallo permite a atacantes omitir los controles de saneamiento de entrada (escape, despojo) que los desarrolladores pueden haber implementado cuando manejan datos controlados por el usuario en mensajes de error."
}
],
"id": "CVE-2020-10693",
"lastModified": "2024-11-21T04:55:52.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-06T14:15:10.753",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 16:15
Modified
2024-11-21 05:22
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-dataformats-binary | * | |
| fasterxml | jackson-dataformats-binary | * | |
| fasterxml | jackson-dataformats-binary | 2.12.0 | |
| fasterxml | jackson-dataformats-binary | 2.12.0 | |
| fasterxml | jackson-dataformats-binary | 2.12.0 | |
| quarkus | quarkus | * | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-binary:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6621426E-1001-48B0-BEFD-F032AFC27526",
"versionEndExcluding": "2.11.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-binary:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC85B4D7-6952-41AA-822C-7045F6352300",
"versionEndExcluding": "2.12.1",
"versionStartExcluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7FBFAC5C-3C12-4F2B-AFA2-38A5D0867F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AE827068-6625-4634-9385-3672AB9096F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2AD45DB3-F35D-486A-B43B-8B71F4CFE221",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237329EB-B10C-47DC-8D7B-2B98D21E6CE8",
"versionEndExcluding": "2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
},
{
"lang": "es",
"value": "Esto afecta al paquete com.fasterxml.jackson.dataformat:jackson-dataformat-cbor versiones desde 0 y anteriores a 2.11.4, versiones desde 2.12.0-rc1 y anteriores a 2.12.1.\u0026#xa0;Una asignaci\u00f3n no comprobada de b\u00fafer de bytes puede causar una excepci\u00f3n de java.lang.OutOfMemoryError"
}
],
"id": "CVE-2020-28491",
"lastModified": "2024-11-21T05:22:53.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T16:15:13.207",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"source": "report@snyk.io",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-19 12:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql_connectors | * | |
| quarkus | quarkus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C45263D-F272-43ED-9D16-0AD7D43AAA9C",
"versionEndIncluding": "8.0.27",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00DB1A4B-0ED9-4988-ADCA-FBFA552DDA49",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles que est\u00e1n afectadas son 8.0.27 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante muy privilegiado con acceso a la red por medio de m\u00faltiples protocolos comprometer los Conectores de MySQL. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de los Conectores MySQL. CVSS 3.1, Puntuaci\u00f3n base 6.6 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)"
}
],
"id": "CVE-2022-21363",
"lastModified": "2024-11-21T06:44:31.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2022-01-19T12:15:15.680",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-20 10:15
Modified
2024-11-21 08:36
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1985AD9-735A-4BBB-8E7B-B3271DC601C0",
"versionEndExcluding": "2.16.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A7D975-A081-4FA5-A97A-B430102325ED",
"versionEndExcluding": "3.2.6",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51936A7-39F2-42F4-87C5-D99445652F6B",
"versionEndExcluding": "3.3.3",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D54F5AE-61EC-4434-9D5F-9394A3979894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:text-only:*:*:*",
"matchCriteriaId": "ACCC2DC7-4127-4429-BC5B-C555458D790A",
"versionEndExcluding": "2.13.8",
"versionStartIncluding": "2.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:*",
"matchCriteriaId": "176A2C2D-9397-4238-B803-54F60ED795C8",
"versionEndExcluding": "1.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F039C746-2001-4EE5-835F-49607A94F12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4A0F87-524E-4935-9B07-93793D8143FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*",
"matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B8793-52C2-46E2-8752-92552AD4A643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4857DA21-9127-4F6A-9DA1-96678D9F9472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Quarkus donde las pol\u00edticas de seguridad HTTP no sanitiza correctamente ciertas permutaciones de caracteres al aceptar solicitudes, lo que resulta en una evaluaci\u00f3n incorrecta de los permisos. Este problema podr\u00eda permitir que un atacante eluda la pol\u00edtica de seguridad por completo, lo que resultar\u00eda en un acceso no autorizado al endpoint y posiblemente una Denegaci\u00f3n de Servicio."
}
],
"id": "CVE-2023-4853",
"lastModified": "2024-11-21T08:36:06.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T10:15:14.947",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5170"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5310"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5446"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5479"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5480"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6107"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6112"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4853"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-002"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238034"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-148"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-23 15:15
Modified
2024-11-21 05:56
Severity ?
Summary
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:maven:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA089EB2-CBE2-48E0-AC10-5CA3281E41D8",
"versionEndExcluding": "3.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD95A74-029A-48FD-9C34-5ADB1FAB373A",
"versionEndExcluding": "1.13.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C284573B-3900-4ABB-ABF9-611F31C1778F",
"versionEndIncluding": "8.0.9.0.0",
"versionStartIncluding": "8.0.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66BC5B9C-9CE0-41D5-A3B2-AE8481697F67",
"versionEndIncluding": "8.1.2.0",
"versionStartIncluding": "8.1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A01108AF-6B34-46A7-8C20-D83EF131425E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Maven will follow repositories that are defined in a dependency\u2019s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html"
},
{
"lang": "es",
"value": "Apache Maven seguir\u00e1 los repositorios que se definen en el Project Object Model (pom) de una dependencia, lo que puede resultar sorprendente para algunos usuarios, resultando en un riesgo potencial si un actor malicioso se hace cargo de ese repositorio o es capaz de insertarse en una posici\u00f3n para fingir ser ese repositorio.\u0026#xa0;Maven est\u00e1 cambiando el comportamiento predeterminado en versiones 3.8.1+ para que ya no siga las referencias del repositorio http (sin SSL) por defecto.\u0026#xa0;M\u00e1s detalles disponibles en las URL a las que se hace referencia.\u0026#xa0;Si actualmente est\u00e1 utilizando un administrador de repositorios para controlar los repositorios usados por sus compilaciones, no est\u00e1 afectado por los riesgos presentes en el comportamiento heredado y no est\u00e1 afectado por esta vulnerabilidad y cambia al comportamiento predeterminado. Consulte este enlace para mayor informaci\u00f3n sobre la administraci\u00f3n de repositorios: https://maven.apache.org/repository-management.html"
}
],
"id": "CVE-2021-26291",
"lastModified": "2024-11-21T05:56:01.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-23T15:15:09.387",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/23/5"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c%40%3Cdev.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381%40%3Cdev.jena.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457%40%3Cdev.jena.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/23/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0556ce5db7231025785477739ee416b169d8aff5ee9bac7854d64736%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c%40%3Cdev.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r07a89b32783f73bda6903c1f9aadeb859e5bef0a4daed6d87db8e4a9%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r08a401f8c98a99f68d061fde6e6659d695f28d60fe4f0413bcb355b0%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0a5e4ff2a7ca7ad8595d7683afbaeb3b8788ba974681907f97e7dc8e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0d083314aa3934dd4b6e6970d1f6ee50f6eaa9d867deb2cd96788478%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r30e9fcba679d164158cc26236704c351954909c18cb2485d11038aa6%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r340e75c9bb6e8661b89e1cf2c52f4638a18312e57bd884722bc28f52%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r39fa6ec4b7e912d3e04ea68efd23e554ec9c8efa2c96f5b45104fc61%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3f0450dcab7e63b5f233ccfbc6fca5f1867a75c8aa2493ea82732381%40%3Cdev.jena.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r52c6cda14dc6315dc79e72d30109f4589e9c6300ef6dc1a019da32d4%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r53cd5de57aaa126038c5301d8f518f3defab3c5b1c7e17c97bad08d8%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5ae6aaa8a2ce86145225c3516bb45d315c0454e3765d651527e5df8a%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r71bc13669be84c2ff45b74a67929bc2da905c152e12a39b406e3c2a0%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7212b874e575e59d648980d91bc22e684906aee9b211ab92da9591f5%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r74329c671df713f61ae4620ee2452a0443ccad7f33c60e8ed7d21ff9%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r78fb6d2cf0ca332cfa43abd4471e75fa6c517ed9cdfcb950bff48d40%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r86aebd0387ae19b740b3eb28bad83fe6aceca0d6257eaa810a6e0002%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r86e1c81e03f441855f127980e9b3d41939d04a7caea2b7ab718e2288%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r96cc126d3ee9aa42af9d3bb4baa94828b0a5f656584a50dcc594125f%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra88a0eba7f84658cefcecc0143fd8bbad52c229ee5dfcbfdde7b6457%40%3Cdev.jena.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra9d984eccfd2ae7726671e025f0296bf03786e5cdf872138110ac29b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc7ae2530063d1cd1cf8e9fa130d10940760f927168d4063d23b8cd0a%40%3Ccommits.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd6c3a36f1dbc130da1b89d0f320db7040de71661a512695a8d513ac%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re75f8b3dbc5faa1640908f87e644d373e00f8b4e6ba3e2ba4bd2c80b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/red3bf6cbfd99e36b0c0a4fa1cea1eef1eb300c6bd8f372f497341265%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/resources/blog/maven-security-vulnerability-cve-2021-26291/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-23 20:15
Modified
2024-11-21 06:39
Severity ?
Summary
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2062520 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/quarkusio/quarkus/issues/23269 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2062520 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/quarkusio/quarkus/issues/23269 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F05F34FF-5EFC-4877-8E43-6FD74F2227FF",
"versionEndExcluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en Quarkus. El estado y los permisos potencialmente asociados pueden filtrarse de una petici\u00f3n web a otra en RestEasy Reactive. Este fallo permite a un usuario con pocos privilegios llevar a cabo operaciones en la base de datos con un conjunto de privilegios diferente al previsto"
}
],
"id": "CVE-2022-0981",
"lastModified": "2024-11-21T06:39:47.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:10.663",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/quarkusio/quarkus/issues/23269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/quarkusio/quarkus/issues/23269"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-02 12:15
Modified
2024-11-21 06:45
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postgresql | postgresql_jdbc_driver | * | |
| postgresql | postgresql_jdbc_driver | * | |
| postgresql | postgresql_jdbc_driver | 42.3.2 | |
| fedoraproject | fedora | 35 | |
| quarkus | quarkus | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D75A4F23-C692-462A-946A-19E133F1D7C4",
"versionEndExcluding": "42.2.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3025B405-4BEA-4581-9DA8-681EFF0E1065",
"versionEndExcluding": "42.3.2",
"versionStartIncluding": "42.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.3.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "72E9D16A-A9C9-4AC5-9897-DC1E96E02DEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E07859-C2B3-49AA-8C8E-122F41607834",
"versionEndExcluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "pgjdbc es el controlador JDBC oficial de PostgreSQL. Se encontr\u00f3 un agujero de seguridad en el controlador jdbc para la base de datos postgresql mientras se hac\u00eda una investigaci\u00f3n de seguridad. El sistema que utiliza la librer\u00eda postgresql ser\u00e1 atacado cuando un atacante controle la url o las propiedades del jdbc. pgjdbc instala instancias de plugins basados en los nombres de clase proporcionados a trav\u00e9s de las propiedades de conexi\u00f3n `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback`. Sin embargo, el controlador no verifica si la clase implementa la interfaz esperada antes de instanciar la clase. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo cargado a trav\u00e9s de clases arbitrarias. Se aconseja a los usuarios que utilicen plugins que se actualicen. No hay soluciones conocidas para este problema"
}
],
"id": "CVE-2022-21724",
"lastModified": "2024-11-21T06:45:18.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-02T12:15:08.390",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 06:01
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/pull/15240 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/pull/15654 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.gradle.org/7.0/release-notes.html#security-advisories | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/15240 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/pull/15654 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBD5FF7-3589-474C-8BA7-0385D3E4BC0F",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF712520-1CFD-473A-B3F5-3CDDFE9C2C9A",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the \"sticky\" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the \"sticky\" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory."
},
{
"lang": "es",
"value": "En Gradle versiones anteriores a 7.0, en sistemas similares a Unix, el directorio temporal del sistema puede ser creado con permisos abiertos que permiten a varios usuarios crear y eliminar archivos dentro de \u00e9l.\u0026#xa0;Las compilaciones de Gradle podr\u00edan ser vulnerables a una escalada de privilegios local de un atacante que elimine y vuelva a crear r\u00e1pidamente archivos en el directorio temporal del sistema.\u0026#xa0;Esta vulnerabilidad afect\u00f3 las compilaciones que usan plugins de script precompilados escritos en Kotlin DSL y pruebas para plugins de Gradle escritos con ProjectBuilder o TestKit.\u0026#xa0;Si tiene Windows o versiones modernas de macOS, no es vulnerable.\u0026#xa0;Si est\u00e1 en un sistema operativo similar a Unix con el bit \"sticky\" configurado en el directorio temporal de su sistema, no es vulnerable.\u0026#xa0;El problema se ha corregido y publicado con Gradle 7.0.\u0026#xa0;Como soluci\u00f3n alternativa, en sistemas operativos similares a Unix, aseg\u00farese de que el bit \"sticky\" est\u00e1 establecido.\u0026#xa0;Esto solo permite que el usuario original (o root) elimine un archivo.\u0026#xa0;Si no puede cambiar los permisos del directorio temporal del sistema, puede mover el directorio temporal de Java configurando la propiedad del sistema `java.io.tmpdir`.\u0026#xa0;La nueva ruta debe limitar los permisos solo al usuario de la compilaci\u00f3n.\u0026#xa0;Para obtener detalles adicionales, consulte el Aviso de Seguridad de GitHub al que se hace referencia"
}
],
"id": "CVE-2021-29428",
"lastModified": "2024-11-21T06:01:04.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T20:15:21.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/pull/15240"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/pull/15654"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.gradle.org/7.0/release-notes.html#security-advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/pull/15240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/pull/15654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-378"
},
{
"lang": "en",
"value": "CWE-379"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-23 20:15
Modified
2024-11-21 07:36
Severity ?
Summary
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-0044 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2158081 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-0044 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2158081 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| quarkus | quarkus | * | |
| redhat | build_of_quarkus | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB1115-A9F5-46F0-AB03-BBEFD72FA293",
"versionEndExcluding": "2.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature."
}
],
"id": "CVE-2023-0044",
"lastModified": "2024-11-21T07:36:27.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-23T20:15:12.823",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158081"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:03
Severity ?
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4956B3D4-4B4B-4D63-87A0-03416A487A07",
"versionEndIncluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
"versionEndExcluding": "2.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18DF6E75-8665-4E73-8E6F-634D8E581831",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles que est\u00e1n afectadas son 8.0.26 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante muy privilegiado con acceso a la red por medio de m\u00faltiples protocolos comprometer a MySQL Connectors. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de los Conectores MySQL y en la habilidad no autorizada de causar una suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completa) de MySQL Connectors. CVSS 3.1 Puntuaci\u00f3n Base 5.9 (impactos en la Confidencialidad y la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)"
}
],
"id": "CVE-2021-2471",
"lastModified": "2024-11-21T06:03:11.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2021-10-20T11:16:17.117",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 09:15
Modified
2024-11-21 06:16
Severity ?
Summary
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D255E1-95C1-4A9B-B934-E2F0DB117CF2",
"versionEndExcluding": "2.6.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F46DB5-7FE5-4496-AC7F-CA471BBE3866",
"versionEndExcluding": "2.7.2",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:kafka:2.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AF660B80-E5F4-4253-95F6-91AABDDC8944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
"versionEndExcluding": "12.0.0.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8C8B8-1D49-4AE6-9581-8C9D6F2EEBFF",
"versionEndIncluding": "8.0.9.0",
"versionStartIncluding": "8.0.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DCBA98-B60C-4D51-960D-2C0833762CC7",
"versionEndIncluding": "8.1.20",
"versionStartIncluding": "8.1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "147A4225-A2D5-4AA1-96D1-6D95A192B596",
"versionEndIncluding": "8.0.8.0",
"versionStartIncluding": "8.0.6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64D669C-513E-4C53-8BB8-13EB336CDC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BDDBCD-4038-4BEC-91DB-587C2FBC6369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6394E90-2F2C-4955-9F97-BFED76D4333B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."
},
{
"lang": "es",
"value": "Algunos componentes de Apache Kafka usan \"Arrays.equals\" para comprender una contrase\u00f1a o clave, lo cual es vulnerable a ataques de tiempo que hacen que los ataques de fuerza bruta para dichas credenciales tengan m\u00e1s probabilidades de \u00e9xito. Los usuarios deben actualizar a la versi\u00f3n 2.8.1 o superior, o a la 3.0.0 o superior, donde se ha corregido esta vulnerabilidad. Las versiones afectadas son Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1 y 2.8.0"
}
],
"id": "CVE-2021-38153",
"lastModified": "2024-11-21T06:16:30.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T09:15:07.847",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kafka.apache.org/cve-list"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-25 19:15
Modified
2024-12-04 08:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B27FE57-901A-496C-B2C1-F647C91E7B51",
"versionEndExcluding": "2.13.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE831ED-C431-4CCF-AB2D-67BBC88FAE4D",
"versionEndExcluding": "3.2.9",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:2.13.9:-:*:*:*:*:*:*",
"matchCriteriaId": "AF6EB005-F254-47A9-B963-E1AD508F55FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:quarkus:quarkus:3.2.9:-:*:*:*:*:*:*",
"matchCriteriaId": "DCA0123C-E209-4037-A021-A3B95305A453",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el payload json. Si se utiliza seguridad basada en anotaciones para proteger un recurso REST, el cuerpo JSON que el recurso puede consumir se procesa (deserializa) antes de que se eval\u00faen y apliquen las restricciones de seguridad. Esto no sucede con la seguridad basada en configuraci\u00f3n."
}
],
"id": "CVE-2023-6267",
"lastModified": "2024-12-04T08:15:05.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-25T19:15:08.260",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0494"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0495"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6267"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-26 22:15
Modified
2024-11-21 05:59
Severity ?
Summary
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| emo@eclipse.org | https://github.com/eclipse-ee4j/el-ri/issues/155 | Exploit, Issue Tracking, Third Party Advisory | |
| emo@eclipse.org | https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ | Exploit, Third Party Advisory | |
| emo@eclipse.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse-ee4j/el-ri/issues/155 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jakarta_expression_language | * | |
| quarkus | quarkus | * | |
| oracle | communications_cloud_native_core_policy | 1.14.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jakarta_expression_language:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D9319-3396-43B2-8466-D9C40E2D4680",
"versionEndIncluding": "3.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0158D3-CF4B-4355-8F33-D57BFC1C0398",
"versionEndExcluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid."
},
{
"lang": "es",
"value": "En la implementaci\u00f3n de Jakarta Expression Language versiones 3.0.3 y anteriores, un bug en la funci\u00f3n ELParserTokenManager permite que las expresiones EL no v\u00e1lidas sean evaluadas como si fueran v\u00e1lidas"
}
],
"id": "CVE-2021-28170",
"lastModified": "2024-11-21T05:59:14.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-26T22:15:07.980",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}