Vulnerability-Lookup

CVE-2020-14040 (GCVE-0-2020-14040)

Vulnerability from cvelistv5 – Published: 2020-06-17 19:22 – Updated: 2024-08-04 12:32

Summary

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

2 references

URL	Tags
https://groups.google.com/forum/#%21topic/golang-…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0"
          },
          {
            "name": "FEDORA-2020-a55f130272",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-07T18:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0"
        },
        {
          "name": "FEDORA-2020-a55f130272",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
            },
            {
              "name": "FEDORA-2020-a55f130272",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14040",
    "datePublished": "2020-06-17T19:22:31.000Z",
    "dateReserved": "2020-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:32:14.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-14040",
      "date": "2026-06-22",
      "epss": "0.01855",
      "percentile": "0.76413"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:text:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.3.3\", \"matchCriteriaId\": \"C111DDBC-C8B1-498F-8F36-C8AB6E1134D7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.\"}, {\"lang\": \"es\", \"value\": \"El paquete x/text anterior a la versi\\u00f3n 0.3.3 para Go tiene una vulnerabilidad en la codificaci\\u00f3n/unicode que podr\\u00eda llevar al decodificador UTF-16 a ingresar en un bucle infinito, causando que el programa se bloquee o se ejecute fuera de la memoria. Un atacante podr\\u00eda proporcionar un solo byte a un decodificador UTF16 instanciado con UseBOM o ExpectBOM para activar un bucle infinito si se llama a la funci\\u00f3n String en el Decoder, o el Decoder es pasado a golang.org/x/text/transform.String\"}]",
      "id": "CVE-2020-14040",
      "lastModified": "2024-11-21T05:02:25.223",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-17T20:15:09.993",
      "references": "[{\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14040\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-17T20:15:09.993\",\"lastModified\":\"2024-11-21T05:02:25.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.\"},{\"lang\":\"es\",\"value\":\"El paquete x/text anterior a la versi\u00f3n 0.3.3 para Go tiene una vulnerabilidad en la codificaci\u00f3n/unicode que podr\u00eda llevar al decodificador UTF-16 a ingresar en un bucle infinito, causando que el programa se bloquee o se ejecute fuera de la memoria. Un atacante podr\u00eda proporcionar un solo byte a un decodificador UTF16 instanciado con UseBOM o ExpectBOM para activar un bucle infinito si se llama a la funci\u00f3n String en el Decoder, o el Decoder es pasado a golang.org/x/text/transform.String\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:text:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.3.3\",\"matchCriteriaId\":\"C111DDBC-C8B1-498F-8F36-C8AB6E1134D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/forum/#%21topic/golang-announce/bXVeAmGOqz0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2021:0420

Vulnerability from csaf_redhat - Published: 2021-02-04 16:14 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat Quay v3.4.0 security update

Severity

Moderate

Notes

Topic: Red Hat Quay 3.4.0 is now available with bug fixes and various enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Quay 3.4.0 release Security Fix(es): * waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785) * waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786) * waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789) * python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310) * python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311) * python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312) * python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379) * python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538) * openstack-mistral: information disclosure in mistral log (CVE-2019-3866) * python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911) * PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477) * python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313) * yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177) * python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378) * python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2019-3866

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

5.9 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-16785

An HTTP-request vulnerability was discovered in Waitress which implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately, if a front-end server does not process header fields with an LF the same way as it processes those with a CRLF, it can lead to the front-end and the back-end server processing the same HTTP message in two different ways. This vulnerability can lead to a potential for HTTP request smuggling and splitting where Waitress may see two requests, while the front-end server only sees a single HTTP message.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-16786

An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with 'chunked'. Because of this flaw, requests sent with: "Transfer-Encoding: gzip, chunked" would get ignored, and waitress would use the Content-Length header instead to determine the body size of the HTTP message. A remote attacker could exploit this flaw to force waitress to accept potentially bad HTTP requests or treat a single request as multiple requests in the case of HTTP pipelining.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-16789

An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, an HTTP request splitting could occur which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. The highest threat from this vulnerability is data integrity.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-19911

A denial of service vulnerability was found in Pillow in versions before 6.2.2, where the FpxImagePlugin.py file calls the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows systems running 32-bit Python, this flaw results in an OverflowError or MemoryError due to the 2 GB limit. On Linux systems running 64-bit Python, this flaw results in the termination of the process by the out-of-memory (OOM) killer. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-20477

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5311

An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5312

A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5313

An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-8131

An arbitrary file write flaw was found in Yarn. This flaw allows an attacker to write files to a user’s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-10177

A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10378

A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10379

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10994

An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-11538

An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-14040

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

92 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0420	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1768731	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789532	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789533	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789535	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789538	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789540	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789807	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791415	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791420	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806005	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816261	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852814	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852820	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852824	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852832	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852836	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-3866	self
https://bugzilla.redhat.com/show_bug.cgi?id=1768731	external
https://www.cve.org/CVERecord?id=CVE-2019-3866	external
https://nvd.nist.gov/vuln/detail/CVE-2019-3866	external
https://access.redhat.com/security/cve/CVE-2019-16785	self
https://bugzilla.redhat.com/show_bug.cgi?id=1791420	external
https://www.cve.org/CVERecord?id=CVE-2019-16785	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16785	external
https://docs.pylonsproject.org/projects/waitress/…	external
https://access.redhat.com/security/cve/CVE-2019-16786	self
https://bugzilla.redhat.com/show_bug.cgi?id=1791415	external
https://www.cve.org/CVERecord?id=CVE-2019-16786	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16786	external
https://access.redhat.com/security/cve/CVE-2019-16789	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789807	external
https://www.cve.org/CVERecord?id=CVE-2019-16789	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16789	external
https://docs.pylonsproject.org/projects/waitress/…	external
https://access.redhat.com/security/cve/CVE-2019-19911	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789540	external
https://www.cve.org/CVERecord?id=CVE-2019-19911	external
https://nvd.nist.gov/vuln/detail/CVE-2019-19911	external
https://access.redhat.com/security/cve/CVE-2019-20477	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806005	external
https://www.cve.org/CVERecord?id=CVE-2019-20477	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20477	external
https://access.redhat.com/security/cve/CVE-2020-5310	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789538	external
https://www.cve.org/CVERecord?id=CVE-2020-5310	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5310	external
https://access.redhat.com/security/cve/CVE-2020-5311	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789535	external
https://www.cve.org/CVERecord?id=CVE-2020-5311	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5311	external
https://access.redhat.com/security/cve/CVE-2020-5312	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789533	external
https://www.cve.org/CVERecord?id=CVE-2020-5312	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5312	external
https://access.redhat.com/security/cve/CVE-2020-5313	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789532	external
https://www.cve.org/CVERecord?id=CVE-2020-5313	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5313	external
https://access.redhat.com/security/cve/CVE-2020-8131	self
https://bugzilla.redhat.com/show_bug.cgi?id=1816261	external
https://www.cve.org/CVERecord?id=CVE-2020-8131	external
https://nvd.nist.gov/vuln/detail/CVE-2020-8131	external
https://access.redhat.com/security/cve/CVE-2020-10177	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852824	external
https://www.cve.org/CVERecord?id=CVE-2020-10177	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10177	external
https://access.redhat.com/security/cve/CVE-2020-10378	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852832	external
https://www.cve.org/CVERecord?id=CVE-2020-10378	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10378	external
https://access.redhat.com/security/cve/CVE-2020-10379	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852836	external
https://www.cve.org/CVERecord?id=CVE-2020-10379	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10379	external
https://access.redhat.com/security/cve/CVE-2020-10994	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852820	external
https://www.cve.org/CVERecord?id=CVE-2020-10994	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10994	external
https://access.redhat.com/security/cve/CVE-2020-11538	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852814	external
https://www.cve.org/CVERecord?id=CVE-2020-11538	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11538	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external

Acknowledgments

the OpenStack project

Kindred Group PLC Gauvain Pocentek and Clément Beaufils

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Quay 3.4.0 is now available with bug fixes and various\nenhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.4.0 release\n\nSecurity Fix(es):\n\n* waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)\n\n* waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)\n\n* waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789)\n\n* python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310)\n\n* python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)\n\n* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)\n\n* python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)\n\n* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)\n\n* openstack-mistral: information disclosure in mistral log (CVE-2019-3866)\n\n* python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911)\n\n* PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)\n\n* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)\n\n* yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177)\n\n* python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378)\n\n* python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0420",
        "url": "https://access.redhat.com/errata/RHSA-2021:0420"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1768731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731"
      },
      {
        "category": "external",
        "summary": "1789532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532"
      },
      {
        "category": "external",
        "summary": "1789533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533"
      },
      {
        "category": "external",
        "summary": "1789535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535"
      },
      {
        "category": "external",
        "summary": "1789538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538"
      },
      {
        "category": "external",
        "summary": "1789540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540"
      },
      {
        "category": "external",
        "summary": "1789807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807"
      },
      {
        "category": "external",
        "summary": "1791415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415"
      },
      {
        "category": "external",
        "summary": "1791420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420"
      },
      {
        "category": "external",
        "summary": "1806005",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005"
      },
      {
        "category": "external",
        "summary": "1816261",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261"
      },
      {
        "category": "external",
        "summary": "1852814",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814"
      },
      {
        "category": "external",
        "summary": "1852820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820"
      },
      {
        "category": "external",
        "summary": "1852824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824"
      },
      {
        "category": "external",
        "summary": "1852832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832"
      },
      {
        "category": "external",
        "summary": "1852836",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0420.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay v3.4.0 security update",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:03+00:00",
      "generator": {
        "date": "2026-06-02T17:26:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:0420",
      "initial_release_date": "2021-02-04T16:14:00+00:00",
      "revision_history": [
        {
          "date": "2021-02-04T16:14:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-04T16:14:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Quay v3",
                "product": {
                  "name": "Quay v3",
                  "product_id": "8Base-Quay-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                  "product_id": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_id": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                "product": {
                  "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_id": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-openshift-bridge-rhel8-operator\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                "product": {
                  "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                  "product_id": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.4.0-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                "product": {
                  "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                  "product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                "product": {
                  "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                  "product_id": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.4.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                  "product_id": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                  "product_id": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                "product": {
                  "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                  "product_id": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.4.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                "product": {
                  "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                  "product_id": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.4.0-132"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                "product": {
                  "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                  "product_id": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.4.0-51"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64"
        },
        "product_reference": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64"
        },
        "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64"
        },
        "product_reference": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64"
        },
        "product_reference": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64"
        },
        "product_reference": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64"
        },
        "product_reference": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        },
        "product_reference": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenStack project"
          ]
        },
        {
          "names": [
            "Gauvain Pocentek and Cl\u00e9ment Beaufils"
          ],
          "organization": "Kindred Group PLC",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2019-3866",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "discovery_date": "2019-11-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1768731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information-exposure vulnerability was discovered where openstack-mistral\u0027s undercloud log files containing clear-text information were made world readable.  A malicious system user could exploit this flaw to access sensitive user information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openstack-mistral: information disclosure in mistral log",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-3866"
        },
        {
          "category": "external",
          "summary": "RHBZ#1768731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-3866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3866"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866"
        }
      ],
      "release_date": "2019-11-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        },
        {
          "category": "workaround",
          "details": "Plain text information can be masked by ensuring that all mistral log files are not world readable.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openstack-mistral: information disclosure in mistral log"
    },
    {
      "cve": "CVE-2019-16785",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1791420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-request vulnerability was discovered in Waitress which implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately, if a front-end server does not process header fields with an LF the same way as it processes those with a CRLF, it can lead to the front-end and the back-end server processing the same HTTP message in two different ways. This vulnerability can lead to a potential for HTTP request smuggling and splitting where Waitress may see two requests, while the front-end server only sees a single HTTP message.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP request smuggling through LF vs CRLF handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13,  because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "RHBZ#1791420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6"
        }
      ],
      "release_date": "2019-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP request smuggling through LF vs CRLF handling"
    },
    {
      "cve": "CVE-2019-16786",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1791415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with \u0027chunked\u0027. Because of this flaw, requests sent with: \"Transfer-Encoding: gzip, chunked\" would get ignored, and waitress would use the Content-Length header instead to determine the body size of the HTTP message. A remote attacker could exploit this flaw to force waitress to accept potentially bad HTTP requests or treat a single request as multiple requests in the case of HTTP pipelining.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP request smuggling through invalid Transfer-Encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13,  because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "RHBZ#1791415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6"
        }
      ],
      "release_date": "2019-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP request smuggling through invalid Transfer-Encoding"
    },
    {
      "cve": "CVE-2019-16789",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789807"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, an HTTP request splitting could occur which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. The highest threat from this vulnerability is data integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nFor Red Hat OpenStack Platform 13,  because the flaw has a lower impact and  the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789807",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2"
        }
      ],
      "release_date": "2019-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers"
    },
    {
      "cve": "CVE-2019-19911",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789540"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in Pillow in versions before 6.2.2, where the FpxImagePlugin.py file calls the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows systems running 32-bit Python, this flaw results in an OverflowError or MemoryError due to the 2 GB limit. On Linux systems running 64-bit Python, this flaw results in the termination of the process by the out-of-memory (OOM) killer. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include python-olefile, which is necessary to use the FPX image plugin.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19911"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789540",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19911"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py"
    },
    {
      "cve": "CVE-2019-20477",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806005"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "PyYAML: command execution through python/object/apply constructor in FullLoader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of PyYAML as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include the class FullLoader, which contains this vulnerability.\n\nThe PyYAML libary that is provided in the Red Hat OpenStack repositories is vulnerable. However, because there are no instances where this library is used in a way which exposes the vulnerability, the impact to OpenStack products has been reduced to \u0027low\u0027 and Red Hat will not be providing a fix at this time.  Any updates will be through RHEL channels.\n\nRed Hat Quay 3.2 uses the vulnerable load function, but only to parse the Nginx configuration file, which only contains trusted data.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20477"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806005",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477"
        }
      ],
      "release_date": "2019-11-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        },
        {
          "category": "workaround",
          "details": "Use `yaml.safe_load` or the SafeLoader loader when you parse untrusted input.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "PyYAML: command execution through python/object/apply constructor in FullLoader"
    },
    {
      "cve": "CVE-2020-5310",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they did not include support for tiled TIFF images, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5310"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5310"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode"
    },
    {
      "cve": "CVE-2020-5311",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789535"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5311"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789535",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c"
    },
    {
      "cve": "CVE-2020-5312",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5312"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5312"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c"
    },
    {
      "cve": "CVE-2020-5313",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5313"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5313"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images"
    },
    {
      "cve": "CVE-2020-8131",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816261"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An arbitrary file write flaw was found in Yarn. This flaw allows an attacker to write files to a user\u2019s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "yarn: Arbitrary filesystem write via tar expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Normally yarn allows packages to run postinstall scripts which can write arbitrary files to the users system. This vulnerability allows an attacker to better hide the attack and also allow arbitrary file write when postinstall scripts are disabled with the \u0027--ignore-scripts\u0027 option of \u0027yarn install\u0027.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8131"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816261",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131"
        }
      ],
      "release_date": "2020-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "yarn: Arbitrary filesystem write via tar expansion"
    },
    {
      "cve": "CVE-2020-10177",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10177"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10177"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c"
    },
    {
      "cve": "CVE-2020-10378",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852832"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state-\u003eshuffle is instructed to read beyond state-\u003ebuffer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10378"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852832",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10378"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files"
    },
    {
      "cve": "CVE-2020-10379",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852836"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While python-pillow is listed as a dependency of Red Hat Quay, it is not used by the application.\n\nThis issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they provide an older version of the code which does not include the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10379"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852836",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10379"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()"
    },
    {
      "cve": "CVE-2020-10994",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852820"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the JP2 image parser, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10994"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852820",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10994"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file"
    },
    {
      "cve": "CVE-2020-11538",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2020-07-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11538"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11538"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538"
        }
      ],
      "release_date": "2020-07-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    }
  ]
}

RHSA-2021:0799

Vulnerability from csaf_redhat - Published: 2021-03-10 11:41 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update

Severity

Moderate

Notes

Topic: An update is now available for RHEL-8-CNV-2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 2.6.0 images: RHEL-8-CNV-2.6 ============== kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582 Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-9283

A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-15586

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-16845

A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-26160

A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m["aud"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is "". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-27813

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28362

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-29652

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2021-3121

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

129 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0799	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1732329	external
https://bugzilla.redhat.com/show_bug.cgi?id=1783192	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791753	external
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://bugzilla.redhat.com/show_bug.cgi?id=1848954	external
https://bugzilla.redhat.com/show_bug.cgi?id=1848956	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853911	external
https://bugzilla.redhat.com/show_bug.cgi?id=1854098	external
https://bugzilla.redhat.com/show_bug.cgi?id=1856347	external
https://bugzilla.redhat.com/show_bug.cgi?id=1856953	external
https://bugzilla.redhat.com/show_bug.cgi?id=1859235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860714	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860992	external
https://bugzilla.redhat.com/show_bug.cgi?id=1864577	external
https://bugzilla.redhat.com/show_bug.cgi?id=1866593	external
https://bugzilla.redhat.com/show_bug.cgi?id=1867099	external
https://bugzilla.redhat.com/show_bug.cgi?id=1868817	external
https://bugzilla.redhat.com/show_bug.cgi?id=1873771	external
https://bugzilla.redhat.com/show_bug.cgi?id=1874812	external
https://bugzilla.redhat.com/show_bug.cgi?id=1878499	external
https://bugzilla.redhat.com/show_bug.cgi?id=1879108	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881874	external
https://bugzilla.redhat.com/show_bug.cgi?id=1883232	external
https://bugzilla.redhat.com/show_bug.cgi?id=1883371	external
https://bugzilla.redhat.com/show_bug.cgi?id=1885153	external
https://bugzilla.redhat.com/show_bug.cgi?id=1885418	external
https://bugzilla.redhat.com/show_bug.cgi?id=1887398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1889295	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891285	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891440	external
https://bugzilla.redhat.com/show_bug.cgi?id=1892227	external
https://bugzilla.redhat.com/show_bug.cgi?id=1893278	external
https://bugzilla.redhat.com/show_bug.cgi?id=1893646	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894428	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894824	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894897	external
https://bugzilla.redhat.com/show_bug.cgi?id=1895414	external
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://bugzilla.redhat.com/show_bug.cgi?id=1898072	external
https://bugzilla.redhat.com/show_bug.cgi?id=1898840	external
https://bugzilla.redhat.com/show_bug.cgi?id=1899558	external
https://bugzilla.redhat.com/show_bug.cgi?id=1901480	external
https://bugzilla.redhat.com/show_bug.cgi?id=1902046	external
https://bugzilla.redhat.com/show_bug.cgi?id=1902111	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903014	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903585	external
https://bugzilla.redhat.com/show_bug.cgi?id=1904797	external
https://bugzilla.redhat.com/show_bug.cgi?id=1906199	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907151	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907352	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907691	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907988	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908363	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908421	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908883	external
https://bugzilla.redhat.com/show_bug.cgi?id=1909458	external
https://bugzilla.redhat.com/show_bug.cgi?id=1910857	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911118	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911396	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911662	external
https://bugzilla.redhat.com/show_bug.cgi?id=1912908	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913248	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913320	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913717	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913756	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914177	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914608	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914947	external
https://bugzilla.redhat.com/show_bug.cgi?id=1917908	external
https://bugzilla.redhat.com/show_bug.cgi?id=1917963	external
https://bugzilla.redhat.com/show_bug.cgi?id=1919391	external
https://bugzilla.redhat.com/show_bug.cgi?id=1920576	external
https://bugzilla.redhat.com/show_bug.cgi?id=1920610	external
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://bugzilla.redhat.com/show_bug.cgi?id=1923979	external
https://bugzilla.redhat.com/show_bug.cgi?id=1927373	external
https://bugzilla.redhat.com/show_bug.cgi?id=1931376	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-9283	self
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://www.cve.org/CVERecord?id=CVE-2020-9283	external
https://nvd.nist.gov/vuln/detail/CVE-2020-9283	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-15586	self
https://bugzilla.redhat.com/show_bug.cgi?id=1856953	external
https://www.cve.org/CVERecord?id=CVE-2020-15586	external
https://nvd.nist.gov/vuln/detail/CVE-2020-15586	external
https://groups.google.com/g/golang-announce/c/XZN…	external
https://access.redhat.com/security/cve/CVE-2020-16845	self
https://bugzilla.redhat.com/show_bug.cgi?id=1867099	external
https://www.cve.org/CVERecord?id=CVE-2020-16845	external
https://nvd.nist.gov/vuln/detail/CVE-2020-16845	external
https://groups.google.com/g/golang-announce/c/NyP…	external
https://access.redhat.com/security/cve/CVE-2020-26160	self
https://bugzilla.redhat.com/show_bug.cgi?id=1883371	external
https://www.cve.org/CVERecord?id=CVE-2020-26160	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26160	external
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJAL…	external
https://access.redhat.com/security/cve/CVE-2020-27813	self
https://bugzilla.redhat.com/show_bug.cgi?id=1902111	external
https://www.cve.org/CVERecord?id=CVE-2020-27813	external
https://nvd.nist.gov/vuln/detail/CVE-2020-27813	external
https://github.com/gorilla/websocket/security/adv…	external
https://access.redhat.com/security/cve/CVE-2020-28362	self
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://www.cve.org/CVERecord?id=CVE-2020-28362	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28362	external
https://access.redhat.com/security/cve/CVE-2020-29652	self
https://bugzilla.redhat.com/show_bug.cgi?id=1908883	external
https://www.cve.org/CVERecord?id=CVE-2020-29652	external
https://nvd.nist.gov/vuln/detail/CVE-2020-29652	external
https://groups.google.com/g/golang-announce/c/ouZ…	external
https://access.redhat.com/security/cve/CVE-2021-3121	self
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://www.cve.org/CVERecord?id=CVE-2021-3121	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3121	external
https://access.redhat.com/security/cve/CVE-2021-20206	self
https://bugzilla.redhat.com/show_bug.cgi?id=1919391	external
https://www.cve.org/CVERecord?id=CVE-2021-20206	external
https://nvd.nist.gov/vuln/detail/CVE-2021-20206	external

Acknowledgments

Red Hat Casey Callendrello

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for RHEL-8-CNV-2.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0799",
        "url": "https://access.redhat.com/errata/RHSA-2021:0799"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1732329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732329"
      },
      {
        "category": "external",
        "summary": "1783192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783192"
      },
      {
        "category": "external",
        "summary": "1791753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791753"
      },
      {
        "category": "external",
        "summary": "1804533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
      },
      {
        "category": "external",
        "summary": "1848954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848954"
      },
      {
        "category": "external",
        "summary": "1848956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848956"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1853911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853911"
      },
      {
        "category": "external",
        "summary": "1854098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854098"
      },
      {
        "category": "external",
        "summary": "1856347",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856347"
      },
      {
        "category": "external",
        "summary": "1856953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
      },
      {
        "category": "external",
        "summary": "1859235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859235"
      },
      {
        "category": "external",
        "summary": "1860714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860714"
      },
      {
        "category": "external",
        "summary": "1860992",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860992"
      },
      {
        "category": "external",
        "summary": "1864577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1864577"
      },
      {
        "category": "external",
        "summary": "1866593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866593"
      },
      {
        "category": "external",
        "summary": "1867099",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
      },
      {
        "category": "external",
        "summary": "1868817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868817"
      },
      {
        "category": "external",
        "summary": "1873771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873771"
      },
      {
        "category": "external",
        "summary": "1874812",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874812"
      },
      {
        "category": "external",
        "summary": "1878499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878499"
      },
      {
        "category": "external",
        "summary": "1879108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879108"
      },
      {
        "category": "external",
        "summary": "1881874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881874"
      },
      {
        "category": "external",
        "summary": "1883232",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883232"
      },
      {
        "category": "external",
        "summary": "1883371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
      },
      {
        "category": "external",
        "summary": "1885153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885153"
      },
      {
        "category": "external",
        "summary": "1885418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885418"
      },
      {
        "category": "external",
        "summary": "1887398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887398"
      },
      {
        "category": "external",
        "summary": "1889295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889295"
      },
      {
        "category": "external",
        "summary": "1891285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891285"
      },
      {
        "category": "external",
        "summary": "1891440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891440"
      },
      {
        "category": "external",
        "summary": "1892227",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892227"
      },
      {
        "category": "external",
        "summary": "1893278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893278"
      },
      {
        "category": "external",
        "summary": "1893646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893646"
      },
      {
        "category": "external",
        "summary": "1894428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894428"
      },
      {
        "category": "external",
        "summary": "1894824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894824"
      },
      {
        "category": "external",
        "summary": "1894897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894897"
      },
      {
        "category": "external",
        "summary": "1895414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895414"
      },
      {
        "category": "external",
        "summary": "1897635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
      },
      {
        "category": "external",
        "summary": "1898072",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898072"
      },
      {
        "category": "external",
        "summary": "1898840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898840"
      },
      {
        "category": "external",
        "summary": "1899558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899558"
      },
      {
        "category": "external",
        "summary": "1901480",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901480"
      },
      {
        "category": "external",
        "summary": "1902046",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902046"
      },
      {
        "category": "external",
        "summary": "1902111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111"
      },
      {
        "category": "external",
        "summary": "1903014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903014"
      },
      {
        "category": "external",
        "summary": "1903585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903585"
      },
      {
        "category": "external",
        "summary": "1904797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904797"
      },
      {
        "category": "external",
        "summary": "1906199",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906199"
      },
      {
        "category": "external",
        "summary": "1907151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907151"
      },
      {
        "category": "external",
        "summary": "1907352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907352"
      },
      {
        "category": "external",
        "summary": "1907691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907691"
      },
      {
        "category": "external",
        "summary": "1907988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907988"
      },
      {
        "category": "external",
        "summary": "1908363",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908363"
      },
      {
        "category": "external",
        "summary": "1908421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908421"
      },
      {
        "category": "external",
        "summary": "1908883",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883"
      },
      {
        "category": "external",
        "summary": "1909458",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909458"
      },
      {
        "category": "external",
        "summary": "1910857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910857"
      },
      {
        "category": "external",
        "summary": "1911118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911118"
      },
      {
        "category": "external",
        "summary": "1911396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911396"
      },
      {
        "category": "external",
        "summary": "1911662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911662"
      },
      {
        "category": "external",
        "summary": "1912908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912908"
      },
      {
        "category": "external",
        "summary": "1913248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913248"
      },
      {
        "category": "external",
        "summary": "1913320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913320"
      },
      {
        "category": "external",
        "summary": "1913717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913717"
      },
      {
        "category": "external",
        "summary": "1913756",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913756"
      },
      {
        "category": "external",
        "summary": "1914177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914177"
      },
      {
        "category": "external",
        "summary": "1914608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914608"
      },
      {
        "category": "external",
        "summary": "1914947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914947"
      },
      {
        "category": "external",
        "summary": "1917908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917908"
      },
      {
        "category": "external",
        "summary": "1917963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917963"
      },
      {
        "category": "external",
        "summary": "1919391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
      },
      {
        "category": "external",
        "summary": "1920576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920576"
      },
      {
        "category": "external",
        "summary": "1920610",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920610"
      },
      {
        "category": "external",
        "summary": "1921650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
      },
      {
        "category": "external",
        "summary": "1923979",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923979"
      },
      {
        "category": "external",
        "summary": "1927373",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927373"
      },
      {
        "category": "external",
        "summary": "1931376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931376"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0799.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:06+00:00",
      "generator": {
        "date": "2026-06-02T17:26:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:0799",
      "initial_release_date": "2021-03-10T11:41:12+00:00",
      "revision_history": [
        {
          "date": "2021-03-10T11:41:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-03-10T11:41:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 2.6 for RHEL 8",
                "product": {
                  "name": "CNV 2.6 for RHEL 8",
                  "product_id": "8Base-CNV-2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                  "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.6.0-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                  "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.6.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                  "product_id": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.6.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v2.6.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_id": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller\u0026tag=v2.6.0-25"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-9283",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2020-02-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1804533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "RHBZ#1804533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
        }
      ],
      "release_date": "2020-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-15586",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2020-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1856953"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "RHBZ#1856953",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
        }
      ],
      "release_date": "2020-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
    },
    {
      "cve": "CVE-2020-16845",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-08-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1867099"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4)  components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "RHBZ#1867099",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
          "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
        }
      ],
      "release_date": "2020-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
    },
    {
      "cve": "CVE-2020-26160",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2020-09-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1883371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jwt-go: access restriction bypass vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The github.com/dgrijalva/jwt-go module is an indirect dependency of the k8s.io/client-go module pulled into Quay Bridge, and Setup operators via the Operator\u0027s SDK generated code. The k8s.io/client-go module does not use jwt-go in an unsafe way [1]. Red Hat Quay components have been marked as wontfix. This may be fixed in the future.\n\nSimilar to Quay, multiple OpenShift Container Platform (OCP) containers include jwt-go as a transient dependency due to go-autorest [1]. As such, those containers do not use jwt-go in an unsafe way. They have been marked wontfix at this time and may be fixed in a future update.\n\nSame as Quay and OpenShift Container Platform, components shipped with Red Hat OpenShift Container Storage 4 do not use jwt-go in an unsafe way and hence this issue has been rated as having a security impact of Low. A future update may address this issue.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli as a technical preview and is not currently planned to be addressed in future updates, hence the multi-cloud-object-gateway-cli package will not be fixed.\n\n[1] https://github.com/Azure/go-autorest/issues/568#issuecomment-703804062",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "RHBZ#1883371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
          "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
        }
      ],
      "release_date": "2020-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jwt-go: access restriction bypass vulnerability"
    },
    {
      "cve": "CVE-2020-27813",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-11-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1902111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-github-gorilla-websocket: integer overflow leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "RHBZ#1902111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh",
          "url": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh"
        }
      ],
      "release_date": "2019-08-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang-github-gorilla-websocket: integer overflow leads to denial of service"
    },
    {
      "cve": "CVE-2020-28362",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2020-11-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1897635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: panic during recursive division of very large numbers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "RHBZ#1897635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
        }
      ],
      "release_date": "2020-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: panic during recursive division of very large numbers"
    },
    {
      "cve": "CVE-2020-29652",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908883"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A null pointer dereference vulnerability was found in golang. When using the library\u0027s ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A large number of products include the affected package, but do not make use of the vulnerable SSH server code.  Accordingly, the flaw itself is rated as \"Important\", but these products themselves all have a \"Low\" severity rating.\n\nAdditionally, a number of products include golang.org/x/crypto (or even golang.org/x/crypto/ssh/terminal) but not specifically golang.org/x/crypto/ssh/server.go in the final build. As this would result in a very large number of entries of not affected products, only products which include the ssh server code (golang.org/x/crypto/ssh/server.go) have been represented here.  \n\nRed Hat Enterprise Linux 8 container-tools:rhel8/containernetworking-plugins is not affected because although it uses some functionality from golang.org/x/crypto, it does not use or import anything from golang.org/x/crypto/ssh/*.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908883",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1",
          "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
        }
      ],
      "release_date": "2020-12-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference"
    },
    {
      "cve": "CVE-2021-3121",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2021-01-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1921650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting  protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "RHBZ#1921650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
        }
      ],
      "release_date": "2021-01-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Casey Callendrello"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-20206",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1919391"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Moderate.\n\nThe fix for podman was released as a part of OpenShift 4.8 and is included in future releases.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-20206"
        },
        {
          "category": "external",
          "summary": "RHBZ#1919391",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206"
        }
      ],
      "release_date": "2021-02-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration"
    }
  ]
}

RHSA-2021:0980

Vulnerability from csaf_redhat - Published: 2021-03-24 15:39 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.5 security and bug fix update

Severity

Moderate

Notes

Topic: Red Hat Advanced Cluster Management for Kubernetes 2.1.5 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Advanced Cluster Management for Kubernetes 2.1.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fix: * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug fixes: * Overview page not showing pods count of the cluster (BZ#1903446) * On new Application deployment, Ansible Prehook gets executed twice (BZ#1920654) * Go panic in multicluster-operators-hub pods when creating a helm subscription using basic auth (BZ#1925281) * RHACM 2.1.5 images (BZ#1931887) * CVE-2020-14040 grafana-dashboard-loader: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2] (BZ#1932356) * CVE-2020-14040 multicluster-monitoring-operator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2] (BZ#1932359) * RHACM missing Canadian regions for Azure Provider (BZ#1932430) * CVE-2020-14040 configmap-watcher: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932481) * CVE-2020-14040 governance-policy-status-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932498) * CVE-2020-14040 governance-policy-template-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932617) * CVE-2020-14040 governance-policy-spec-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932633) * CVE-2020-14040 multicloudhub-operator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932665) * CVE-2020-14040 multicloudhub-repo: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932668) * CVE-2020-14040 config-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933062) * CVE-2020-14040 cert-manager: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933073) * CVE-2020-14040 cert-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933104) * CVE-2020-14040 iam-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933106) * CVE-2020-14040 management-ingress: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933136) * CVE-2020-14040 governance-policy-propagator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1938355)

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64		—	Vendor Fix fix

Threats

Impact Moderate

References

16 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0980	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2020-14040	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903446	external
https://bugzilla.redhat.com/show_bug.cgi?id=1920654	external
https://bugzilla.redhat.com/show_bug.cgi?id=1925281	external
https://bugzilla.redhat.com/show_bug.cgi?id=1931887	external
https://bugzilla.redhat.com/show_bug.cgi?id=1932430	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.1.5 General\nAvailability release images, which fix several bugs and security issues. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.1.5 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly \nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.1/html/release_notes/\n\nSecurity fix:\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fixes:\n\n* Overview page not showing pods count of the cluster (BZ#1903446)\n\n* On new Application deployment, Ansible Prehook gets executed twice (BZ#1920654)\n\n* Go panic in multicluster-operators-hub pods when creating a helm subscription using basic auth (BZ#1925281)\n\n* RHACM 2.1.5 images (BZ#1931887)\n\n* CVE-2020-14040 grafana-dashboard-loader: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2] (BZ#1932356)\n\n* CVE-2020-14040 multicluster-monitoring-operator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2] (BZ#1932359)\n\n* RHACM missing Canadian regions for Azure Provider (BZ#1932430)\n\n* CVE-2020-14040 configmap-watcher: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932481)\n\n* CVE-2020-14040 governance-policy-status-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932498)\n\n* CVE-2020-14040 governance-policy-template-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932617)\n\n* CVE-2020-14040 governance-policy-spec-sync: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932633) \n\n* CVE-2020-14040 multicloudhub-operator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932665)\n\n* CVE-2020-14040 multicloudhub-repo: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1932668)\n\n* CVE-2020-14040 config-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933062)\n\n* CVE-2020-14040 cert-manager: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933073)\n\n* CVE-2020-14040 cert-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933104)\n\n* CVE-2020-14040 iam-policy-controller: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933106)\n\n* CVE-2020-14040 management-ingress: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1933136)\n\n* CVE-2020-14040 governance-policy-propagator: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhacm-2.1] (BZ#1938355)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0980",
        "url": "https://access.redhat.com/errata/RHSA-2021:0980"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2020-14040",
        "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1903446",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903446"
      },
      {
        "category": "external",
        "summary": "1920654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920654"
      },
      {
        "category": "external",
        "summary": "1925281",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925281"
      },
      {
        "category": "external",
        "summary": "1931887",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931887"
      },
      {
        "category": "external",
        "summary": "1932430",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932430"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0980.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.5 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:07+00:00",
      "generator": {
        "date": "2026-06-02T17:26:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:0980",
      "initial_release_date": "2021-03-24T15:39:52+00:00",
      "revision_history": [
        {
          "date": "2021-03-24T15:39:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-03-24T15:39:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
                  "product_id": "8Base-RHACM-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat ACM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64",
                "product": {
                  "name": "rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64",
                  "product_id": "rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-must-gather-rhel8\u0026tag=v2.1.3-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
          "product_id": "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64"
        },
        "product_reference": "rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-24T15:39:52+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-operator",
          "product_ids": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0980"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:0b5db239e2eee0bc73f60910953a16b3abd4e2823d55f6fcfbc3f1d4fadbe564_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    }
  ]
}

RHSA-2021:1129

Vulnerability from csaf_redhat - Published: 2021-04-08 10:18 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release

Severity

Moderate

Notes

Topic: A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-14836

It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-9283

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

21 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:1129	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-14836	self
https://bugzilla.redhat.com/show_bug.cgi?id=1750928	external
https://www.cve.org/CVERecord?id=CVE-2019-14836	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14836	external
https://access.redhat.com/security/cve/CVE-2020-9283	self
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://www.cve.org/CVERecord?id=CVE-2020-9283	external
https://nvd.nist.gov/vuln/detail/CVE-2020-9283	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:1129",
        "url": "https://access.redhat.com/errata/RHSA-2021:1129"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
      },
      {
        "category": "external",
        "summary": "1804533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1129.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat 3scale API Management 2.10.0 security update and release",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:08+00:00",
      "generator": {
        "date": "2026-06-02T17:26:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:1129",
      "initial_release_date": "2021-04-08T10:18:08+00:00",
      "revision_history": [
        {
          "date": "2021-04-08T10:18:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-04-08T10:18:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat 3Scale AMP 2.10",
                "product": {
                  "name": "Red Hat 3Scale AMP 2.10",
                  "product_id": "7Server-RH7-3scale-AMP-2.10",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:3scale_amp:2.10::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "3scale API Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=3scale2.10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=1.13.0-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=3scale2.10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=1.13.0-17"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64 as a component of Red Hat 3Scale AMP 2.10",
          "product_id": "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64 as a component of Red Hat 3Scale AMP 2.10",
          "product_id": "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64 as a component of Red Hat 3Scale AMP 2.10",
          "product_id": "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64 as a component of Red Hat 3Scale AMP 2.10",
          "product_id": "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.10"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14836",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2019-08-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1750928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "3scale: dev portal missing protection against login CSRF",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14836"
        },
        {
          "category": "external",
          "summary": "RHBZ#1750928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14836"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14836",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14836"
        }
      ],
      "release_date": "2020-05-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-08T10:18:08+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "3scale: dev portal missing protection against login CSRF"
    },
    {
      "cve": "CVE-2020-9283",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2020-02-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1804533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "RHBZ#1804533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
        }
      ],
      "release_date": "2020-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-08T10:18:08+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
          "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-08T10:18:08+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1129"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator-metadata@sha256:f698cf1102a1847cba810f5be68c264223a37f6424c3e4902465111b5b74d496_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/3scale-rhel7-operator@sha256:655062177bc53b155b87876dc1096530c365f18f9be3ceb0d32aa2d343968f9a_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator-metadata@sha256:65447df0f16603ea021eaae880865ccfcb4449aab6fc2fd519da554c46987e84_amd64",
            "7Server-RH7-3scale-AMP-2.10:3scale-amp2/apicast-rhel7-operator@sha256:ef5c4e42d2ce962a21ff0c61f500c6dd672d07ff7f4bfce039ca6851a0fcbef0_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    }
  ]
}

RHSA-2021:1168

Vulnerability from csaf_redhat - Published: 2021-04-13 04:30 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update

Severity

Important

Notes

Topic: Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security Fix(es): * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * go-slug: partial protection against zip slip attacks (CVE-2020-29529) * nodejs-lodash: command injection via template (CVE-2021-23337) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778)

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28500

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28851

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28852

A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-29529

HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-21321

A flaw was found in fastify-reply-from. Escaping of the prefix of the proxied backend service is possible allowing an attacker, using a specially crafted URL, to gain access to directories that would otherwise be out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2021-21322

A flaw was found in fastify-http-proxy. Escaping the prefix of the proxied backend service is possible by an attacker using a specially crafted URL. The highest threat from this vulnerability is to data confidentiality and integrity.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Critical

CVE-2021-23337

A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 77 products

Product	Version	Remediation
Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

64 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:1168	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913333	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913338	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914238	external
https://bugzilla.redhat.com/show_bug.cgi?id=1928937	external
https://bugzilla.redhat.com/show_bug.cgi?id=1928954	external
https://bugzilla.redhat.com/show_bug.cgi?id=1930310	external
https://bugzilla.redhat.com/show_bug.cgi?id=1930324	external
https://bugzilla.redhat.com/show_bug.cgi?id=1936528	external
https://bugzilla.redhat.com/show_bug.cgi?id=1936642	external
https://bugzilla.redhat.com/show_bug.cgi?id=1938215	external
https://bugzilla.redhat.com/show_bug.cgi?id=1941778	external
https://bugzilla.redhat.com/show_bug.cgi?id=1942178	external
https://bugzilla.redhat.com/show_bug.cgi?id=1942182	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-28500	self
https://bugzilla.redhat.com/show_bug.cgi?id=1928954	external
https://www.cve.org/CVERecord?id=CVE-2020-28500	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28500	external
https://snyk.io/vuln/SNYK-JS-LODASH-1018905	external
https://access.redhat.com/security/cve/CVE-2020-28851	self
https://bugzilla.redhat.com/show_bug.cgi?id=1913333	external
https://www.cve.org/CVERecord?id=CVE-2020-28851	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28851	external
https://access.redhat.com/security/cve/CVE-2020-28852	self
https://bugzilla.redhat.com/show_bug.cgi?id=1913338	external
https://www.cve.org/CVERecord?id=CVE-2020-28852	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28852	external
https://access.redhat.com/security/cve/CVE-2020-29529	self
https://bugzilla.redhat.com/show_bug.cgi?id=1914238	external
https://www.cve.org/CVERecord?id=CVE-2020-29529	external
https://nvd.nist.gov/vuln/detail/CVE-2020-29529	external
https://access.redhat.com/security/cve/CVE-2021-21321	self
https://bugzilla.redhat.com/show_bug.cgi?id=1942178	external
https://www.cve.org/CVERecord?id=CVE-2021-21321	external
https://nvd.nist.gov/vuln/detail/CVE-2021-21321	external
https://github.com/fastify/fastify-reply-from/sec…	external
https://access.redhat.com/security/cve/CVE-2021-21322	self
https://bugzilla.redhat.com/show_bug.cgi?id=1942182	external
https://www.cve.org/CVERecord?id=CVE-2021-21322	external
https://nvd.nist.gov/vuln/detail/CVE-2021-21322	external
https://github.com/fastify/fastify-http-proxy/sec…	external
https://access.redhat.com/security/cve/CVE-2021-23337	self
https://bugzilla.redhat.com/show_bug.cgi?id=1928937	external
https://www.cve.org/CVERecord?id=CVE-2021-23337	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23337	external
https://snyk.io/vuln/SNYK-JS-LODASH-1040724	external
https://access.redhat.com/security/cve/CVE-2021-23840	self
https://bugzilla.redhat.com/show_bug.cgi?id=1930324	external
https://www.cve.org/CVERecord?id=CVE-2021-23840	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23840	external
https://www.openssl.org/news/secadv/20210216.txt	external
https://access.redhat.com/security/cve/CVE-2021-23841	self
https://bugzilla.redhat.com/show_bug.cgi?id=1930310	external
https://www.cve.org/CVERecord?id=CVE-2021-23841	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23841	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity Fix(es):\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* go-slug: partial protection against zip slip attacks (CVE-2020-29529)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)\n\n* Importing of cluster fails due to error/typo in generated command (BZ#1936642)\n\n* RHACM 2.2.2 images (BZ#1938215)\n\n* 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:1168",
        "url": "https://access.redhat.com/errata/RHSA-2021:1168"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1913333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
      },
      {
        "category": "external",
        "summary": "1913338",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
      },
      {
        "category": "external",
        "summary": "1914238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914238"
      },
      {
        "category": "external",
        "summary": "1928937",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
      },
      {
        "category": "external",
        "summary": "1928954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
      },
      {
        "category": "external",
        "summary": "1930310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310"
      },
      {
        "category": "external",
        "summary": "1930324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324"
      },
      {
        "category": "external",
        "summary": "1936528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936528"
      },
      {
        "category": "external",
        "summary": "1936642",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936642"
      },
      {
        "category": "external",
        "summary": "1938215",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938215"
      },
      {
        "category": "external",
        "summary": "1941778",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941778"
      },
      {
        "category": "external",
        "summary": "1942178",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942178"
      },
      {
        "category": "external",
        "summary": "1942182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942182"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1168.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:08+00:00",
      "generator": {
        "date": "2026-06-02T17:26:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:1168",
      "initial_release_date": "2021-04-13T04:30:02+00:00",
      "revision_history": [
        {
          "date": "2021-04-13T04:30:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-04-13T04:30:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
                  "product_id": "8Base-RHACM-2.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.2::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
                  "product_id": "7Server-RHACM-2.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.2::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat ACM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
                "product": {
                  "name": "rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
                  "product_id": "rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acmesolver-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
                "product": {
                  "name": "rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
                  "product_id": "rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-must-gather-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
                "product": {
                  "name": "rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
                  "product_id": "rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-operator-bundle\u0026tag=v2.2.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
                "product": {
                  "name": "rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
                  "product_id": "rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/application-ui-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
                "product": {
                  "name": "rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
                  "product_id": "rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cainjector-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
                "product": {
                  "name": "rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
                  "product_id": "rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
                "product": {
                  "name": "rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
                  "product_id": "rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-webhook-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
                "product": {
                  "name": "rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
                  "product_id": "rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
                "product": {
                  "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
                  "product_id": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/clusterlifecycle-state-metrics-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
                "product": {
                  "name": "rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
                  "product_id": "rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/configmap-watcher-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
                "product": {
                  "name": "rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
                  "product_id": "rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
                "product": {
                  "name": "rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
                  "product_id": "rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-api-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
                "product": {
                  "name": "rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
                  "product_id": "rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
                "product": {
                  "name": "rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
                  "product_id": "rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-header-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
                "product": {
                  "name": "rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
                  "product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
                "product": {
                  "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
                  "product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
                "product": {
                  "name": "rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
                  "product_id": "rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-rhel8-operator\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
                "product": {
                  "name": "rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
                  "product_id": "rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-propagator-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
                "product": {
                  "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
                  "product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
                "product": {
                  "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
                  "product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
                "product": {
                  "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
                  "product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
                "product": {
                  "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
                  "product_id": "rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grafana-dashboard-loader-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
                "product": {
                  "name": "rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
                  "product_id": "rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-api-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
                "product": {
                  "name": "rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
                  "product_id": "rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
                "product": {
                  "name": "rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
                  "product_id": "rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
                "product": {
                  "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
                  "product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
                "product": {
                  "name": "rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
                  "product_id": "rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-operator-bundle\u0026tag=v2.2.2-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
                "product": {
                  "name": "rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
                  "product_id": "rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/kui-web-terminal-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
                "product": {
                  "name": "rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
                  "product_id": "rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/management-ingress-rhel7\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
                "product": {
                  "name": "rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
                  "product_id": "rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-api-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
                "product": {
                  "name": "rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
                  "product_id": "rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
                "product": {
                  "name": "rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
                  "product_id": "rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
                "product": {
                  "name": "rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
                  "product_id": "rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-exporter-rhel7\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
                "product": {
                  "name": "rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
                  "product_id": "rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
                "product": {
                  "name": "rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
                  "product_id": "rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
                "product": {
                  "name": "rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
                  "product_id": "rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-rhel8\u0026tag=v2.2.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
                "product": {
                  "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
                  "product_id": "rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-repo-rhel8\u0026tag=v2.2.2-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
                "product": {
                  "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
                  "product_id": "rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-observability-rhel8-operator\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
                  "product_id": "rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-application-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
                  "product_id": "rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-channel-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
                  "product_id": "rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-deployable-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
                  "product_id": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-placementrule-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
                  "product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.2-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
                "product": {
                  "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
                  "product_id": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-release-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
                "product": {
                  "name": "rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
                  "product_id": "rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
                "product": {
                  "name": "rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
                  "product_id": "rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
                "product": {
                  "name": "rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
                  "product_id": "rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/openshift-hive-rhel7\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
                "product": {
                  "name": "rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
                  "product_id": "rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rbac-query-proxy-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
                "product": {
                  "name": "rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
                  "product_id": "rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rcm-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
                "product": {
                  "name": "rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
                  "product_id": "rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/redisgraph-tls-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
                "product": {
                  "name": "rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
                  "product_id": "rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
                "product": {
                  "name": "rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
                  "product_id": "rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
                "product": {
                  "name": "rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
                  "product_id": "rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-aggregator-rhel7\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
                "product": {
                  "name": "rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
                  "product_id": "rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-api-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
                "product": {
                  "name": "rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
                  "product_id": "rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
                "product": {
                  "name": "rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
                  "product_id": "rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
                "product": {
                  "name": "rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
                  "product_id": "rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-ui-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
                "product": {
                  "name": "rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
                  "product_id": "rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-addon-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
                "product": {
                  "name": "rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
                  "product_id": "rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-rhel7\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
                "product": {
                  "name": "rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
                  "product_id": "rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-receive-controller-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64",
                "product": {
                  "name": "rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64",
                  "product_id": "rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
                "product": {
                  "name": "rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
                  "product_id": "rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
                "product": {
                  "name": "rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
                  "product_id": "rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
                "product": {
                  "name": "rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
                  "product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
                "product": {
                  "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
                  "product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
                "product": {
                  "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
                  "product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
                "product": {
                  "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
                  "product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
                "product": {
                  "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
                  "product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
                "product": {
                  "name": "rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
                  "product_id": "rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
                "product": {
                  "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
                  "product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
                "product": {
                  "name": "rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
                  "product_id": "rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
                "product": {
                  "name": "rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
                  "product_id": "rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
                "product": {
                  "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
                  "product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.2-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
                "product": {
                  "name": "rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
                  "product_id": "rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
                "product": {
                  "name": "rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
                  "product_id": "rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
                "product": {
                  "name": "rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
                  "product_id": "rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
                "product": {
                  "name": "rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
                  "product_id": "rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
          "product_id": "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64"
        },
        "product_reference": "rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
        "relates_to_product_reference": "7Server-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
          "product_id": "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64"
        },
        "product_reference": "rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
        "relates_to_product_reference": "7Server-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
          "product_id": "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64"
        },
        "product_reference": "rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
        "relates_to_product_reference": "7Server-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
          "product_id": "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64"
        },
        "product_reference": "rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
        "relates_to_product_reference": "7Server-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
          "product_id": "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64"
        },
        "product_reference": "rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
        "relates_to_product_reference": "7Server-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64"
        },
        "product_reference": "rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64"
        },
        "product_reference": "rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64"
        },
        "product_reference": "rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64"
        },
        "product_reference": "rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64"
        },
        "product_reference": "rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64"
        },
        "product_reference": "rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64"
        },
        "product_reference": "rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64"
        },
        "product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x"
        },
        "product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64"
        },
        "product_reference": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x"
        },
        "product_reference": "rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64"
        },
        "product_reference": "rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64"
        },
        "product_reference": "rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64"
        },
        "product_reference": "rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64"
        },
        "product_reference": "rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64"
        },
        "product_reference": "rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64"
        },
        "product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x"
        },
        "product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x"
        },
        "product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64"
        },
        "product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64"
        },
        "product_reference": "rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64"
        },
        "product_reference": "rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x"
        },
        "product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64"
        },
        "product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64"
        },
        "product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x"
        },
        "product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x"
        },
        "product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64"
        },
        "product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64"
        },
        "product_reference": "rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64"
        },
        "product_reference": "rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64"
        },
        "product_reference": "rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64"
        },
        "product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x"
        },
        "product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64"
        },
        "product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x"
        },
        "product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64"
        },
        "product_reference": "rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64"
        },
        "product_reference": "rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64"
        },
        "product_reference": "rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64"
        },
        "product_reference": "rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64"
        },
        "product_reference": "rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x"
        },
        "product_reference": "rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64"
        },
        "product_reference": "rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x"
        },
        "product_reference": "rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64"
        },
        "product_reference": "rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64"
        },
        "product_reference": "rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64"
        },
        "product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x"
        },
        "product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64"
        },
        "product_reference": "rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64"
        },
        "product_reference": "rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64"
        },
        "product_reference": "rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64"
        },
        "product_reference": "rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64"
        },
        "product_reference": "rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64"
        },
        "product_reference": "rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64"
        },
        "product_reference": "rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x"
        },
        "product_reference": "rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64"
        },
        "product_reference": "rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x"
        },
        "product_reference": "rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64"
        },
        "product_reference": "rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64"
        },
        "product_reference": "rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64"
        },
        "product_reference": "rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x"
        },
        "product_reference": "rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64"
        },
        "product_reference": "rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64"
        },
        "product_reference": "rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64"
        },
        "product_reference": "rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64"
        },
        "product_reference": "rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x"
        },
        "product_reference": "rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
          "product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        },
        "product_reference": "rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-28500",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1928954"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28500"
        },
        {
          "category": "external",
          "summary": "RHBZ#1928954",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
          "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
        }
      ],
      "release_date": "2021-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
    },
    {
      "cve": "CVE-2020-28851",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2021-01-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1913333"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28851"
        },
        {
          "category": "external",
          "summary": "RHBZ#1913333",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
        }
      ],
      "release_date": "2021-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension"
    },
    {
      "cve": "CVE-2020-28852",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2021-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1913338"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28852"
        },
        {
          "category": "external",
          "summary": "RHBZ#1913338",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
        }
      ],
      "release_date": "2021-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
    },
    {
      "cve": "CVE-2020-29529",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2020-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1914238"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-slug: partial protection against zip slip attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-29529"
        },
        {
          "category": "external",
          "summary": "RHBZ#1914238",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914238"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29529",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29529"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29529",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29529"
        }
      ],
      "release_date": "2020-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-slug: partial protection against zip slip attacks"
    },
    {
      "cve": "CVE-2021-21321",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942178"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fastify-reply-from. Escaping of the prefix of the proxied backend service is possible allowing an attacker, using a specially crafted URL, to gain access to directories that would otherwise be out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fastify-reply-from: crafted URL allows prefix scape of the proxied backend service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability.  The severity of this flaw in for Red Had Advanced Cluster Management for Kubernetes is rated as important as there are no exposed, un-authenticated endpoints that could be accessed by exploiting this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21321"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942178",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942178"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21321"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4",
          "url": "https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-qmw8-3v4g-gwj4"
        }
      ],
      "release_date": "2021-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "fastify-reply-from: crafted URL allows prefix scape of the proxied backend service"
    },
    {
      "cve": "CVE-2021-21322",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1942182"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fastify-http-proxy. Escaping the prefix of the proxied backend service is possible by an attacker using a specially crafted URL. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability.  The severity of this flaw in for Red Had Advanced Cluster Management for Kubernetes is rated as important as there are no exposed, un-authenticated endpoints that could be accessed by exploiting this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21322"
        },
        {
          "category": "external",
          "summary": "RHBZ#1942182",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942182"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21322"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21322",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21322"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w",
          "url": "https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-c4qr-gmr9-v23w"
        }
      ],
      "release_date": "2021-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service"
    },
    {
      "cve": "CVE-2021-23337",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2021-02-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1928937"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-lodash: command injection via template",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23337"
        },
        {
          "category": "external",
          "summary": "RHBZ#1928937",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
          "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
        }
      ],
      "release_date": "2021-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-lodash: command injection via template"
    },
    {
      "cve": "CVE-2021-23840",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2021-02-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: integer overflow in CipherUpdate",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw only affects applications which are compiled with OpenSSL and using  EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\n\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as its already fixed in RHEL9 Alpha release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23840"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20210216.txt",
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        }
      ],
      "release_date": "2021-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: integer overflow in CipherUpdate"
    },
    {
      "cve": "CVE-2021-23841",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2021-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a a null pointer dereference in the X509_issuer_and_serial_hash()  function, which can result in crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
          "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
          "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
          "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
          "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
          "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
          "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
          "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
          "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
          "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
          "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
          "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
          "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
          "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
          "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
          "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
          "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
          "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
          "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
          "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
          "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
          "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
          "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
          "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
          "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
          "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
          "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
          "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
          "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
          "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
          "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
          "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
          "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
          "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
          "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
          "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
          "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
          "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
          "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
          "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
          "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
          "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
          "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
          "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23841"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23841"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20210216.txt",
          "url": "https://www.openssl.org/news/secadv/20210216.txt"
        }
      ],
      "release_date": "2021-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-13T04:30:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1168"
        },
        {
          "category": "workaround",
          "details": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"",
          "product_ids": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:f6b57ccc9f8c7f3dc2476c0336a1e85a0878ae4dd5493172e6610dc639bf3711_amd64",
            "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:8e2196bdbeb0ceae5b3003f52c1c71968e630aba3c69ba241bb5e64402c97f03_amd64",
            "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:6e10254a7ec99ddec5f366a2b69910917bafc6782c6e01d033ad406aab3c4ab0_amd64",
            "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:023e8b5dfd7b286ce4b7622acfe21093cb5749236d5504ed2cb9a967d03009f3_amd64",
            "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:53b80b01a35f227f530c1b088caee1806bd73319f8ac7950f79cc21963e68a4d_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:81ebaf38c0840ba4001cc914e425117230c990b14277eb46d5a97a0acff600d4_amd64",
            "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:82f8508111f307c25e458a2283e86a21eaeeaa2cd0b335766174f324f6bd392d_amd64",
            "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:f639a4d14d4c6015921d8813a4f3808ceb0d7f691c199a3fa4c197bf13030637_amd64",
            "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:21f1904a812ebc43b5e31177eabaa5a92bcb97a28b55a14557ccbee7673825f6_amd64",
            "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:874937f7c8c08fadc4ef2f45f1d0721c3fd2744b27207b28e313646f69bf4dad_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:c2bbaf9c0120351bbf84aae52b3b61d23258c10f90cb7c2b562ba3580f208d6d_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:a869fcc065604fd2e164e80e5829894b0b47396e358357567839fcae2758f4d0_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:0e16a0575a63d09a53296072b0ad989c3fa9426303d16e1ddd19beda95ff916f_amd64",
            "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:1b250e2dd5ff3e9e90cae26f1b6ecc2369381cb7aaed171ed245b28838ddfdd8_s390x",
            "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7e147468cac7bc5faa3f7f93ee5a1adbb22b06878c662975bf5e70f6221c1efa_amd64",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:1288f38b70a158889d31643af7f827f41b369f6b4f94d727e34635c8d1eec06c_s390x",
            "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:93ecc069ebff07d5a528b844aeb1e54d64528dfeb444f89605aed13fa284423b_amd64",
            "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:78a3aee6ef65826d88fc50f25bf8aa29d04d17e8d1647b240818422f82ce8b6e_amd64",
            "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:504c7639ffb280982d7198ae7317c5e4aa2926f74143d28e9191767874ff96ed_amd64",
            "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:bde030b82bdea58cc3d8c42a74b4dfb4a080e9e590571db3e3bd528d859848d1_amd64",
            "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:6f573213d8b3c4643a23f520c6277bbc0d8605774088973c261aaf2bf27850e9_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:01b65937ba5d14fee077252a8ef82c5b6077d06b8d29caf23726b2db560dde5b_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:694dadf21771b2b13c027210947b51e73edc92447c9fb28329278cc5ea117bfc_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:1159f9e7cfa21e2b213cd508009132fbafe0dfc66cf3a1c0a405d6ecb5038084_s390x",
            "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:5fea99154a48d4a8362f9462cd48b3ac7f240dfe2c2345b51a8ea9db0dc11615_amd64",
            "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:557e4578f4d7860a13285be8b6886ed57f7008bdfb2de394c67504b064f71cf8_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:3144e1fae6331a0c4b4e8832ed4004e5285d40868a798c50bf62c519a2144200_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:1ab6f5ec3a9a20e7c43c0015144eb4187b68e1adc169822dd375426939992545_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:9e70343fa527e8d91c343b85681f0308f2a5338d7ea9d94e03c5dd81035ac13c_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:52e261947059a2a8b298fa486db54293038812d4178b1cc9081d043e3366df50_amd64",
            "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:97ac485778e5ebea777f642439da853278ab2b36d4e02ca75688f0b6a1cca6c8_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:834e87d0d55dc7a63289fb8b70d497527f58ca5ab53055cbfcdb7791203dc37e_s390x",
            "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:af6c476c593d1db817c1cffd81fe7c306bb32804d75eb07af16e90b79e485c2b_amd64",
            "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:bbeb9ea3ce8eeabf3e2bb8efac93ffe97fd945b7f5a7c29ace2376ca51ea0bcc_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:44ba8196f14e6edf4b9b3815a1e0d7834acc37394d27402a9261a36ca067736e_amd64",
            "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:8590ac50762b5f42a6a6ed09cf85492cd3c2bc50e03b3d38e55e0ed66a8330da_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:12a2e3b481e8c315b28745a5f4a0e03a10456d8dd8df2cf52e33737af04e5443_amd64",
            "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:7da3f12fc77185e9bbf217158140d865cee78bc90c606e789c8a7716cd27196c_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:297dd2dddc4fb516d60cf69daeb29dcb9aaaad3dede20058f88989dc34bb2953_amd64",
            "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:d86cf4bf4e1d740ceafb3b71f1f480e92dc185eb452871fc5b0b5bddf6c0fe0a_s390x",
            "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:d3b166fed222fbbcfe70e7a3872e8c1ac02a5ccd2cbf8585bedd29c005f6a16d_amd64",
            "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:1170b40f99b150bdf38830fb6c8ac5e46d900bee13ec566f6b94be3915c83055_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:15dba57df5f4bc52a698190ea0d323dc87dcc9e2c470a88e65e59b7c0cb4dc7b_amd64",
            "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:8b765d1e985f88699fc7eb9ec1f05e983d7a10b7d4c4229714bcb83acfdd4c64_amd64",
            "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:fe2930ac4cd4b6062d93eb1db58d1fa64e1daae4c5a790bcb73fad5f26b066bc_amd64",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:1145552d9ff52de6421d47449d908f7d44bb8a04acab377fa1ead8e1f85842eb_s390x",
            "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:731fcb93f14646e14b65c21ac40651c7221f1f1a1858c8eb88869c236c3ac94a_amd64",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7052d5ceeb35ee412ba14290d40b97830a2a70dddea363a337fe301b05d63394_s390x",
            "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:7c5274a6a747eae87c6e26e6bf887fa03eaa4e0cab7a80065bac6abf3774a65c_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:a3eee2b36818af6995867280be322536a59b784194e8ed9dbf4d442c0e2d6dbe_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:603aec81b2dd6115cb58f6289a99386fc4bd0a4491c52185fef713d141999011_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:660b410181b6c2202eee7689e6c1b5a30ba70d776495bb6b771f94123c589b6d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:5ec9aaa0608e7f0c5c295680dc19be7a456aa3c6c20323fa17c89ad50a152f33_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:f0f7573c99355b6599a0ba4b851b8a06d19a81b706580b817afb87d06addaf40_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:179caae0e60b5dab836ceaf18271a638d5a32a1153d146100fe5842e196c8c90_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:1e61b1163a82daed57211973251c13e7eea11455672c33e7db786fcd4f223c3d_amd64",
            "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:4fb58d7e465350dbc33b2272eb35b7fcf8a8468bb4e5c3ff30f25db1202dd6d0_s390x",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:101156bfe0b412acfae2f079e57a6a283c4a17e0372c3150488dddf4296751d0_amd64",
            "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:805e28368aeb21ceaef8265db0e72b41a6c8b7109e8fe0c14298a389e1a0bbf8_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:c6fd0dc77f0c5d7ab30c9cd964b739f5302f6690cd2250671fe139ac514e8247_amd64",
            "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:ee9bd32d2469ce124d8c100edaa9fd6ab399835c8a3720c7fc21aa48e1f9dfe4_amd64",
            "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:11c3f74245eb94130c5dad4033ac54fefe83679b5ac26a8baac39577211eefba_amd64",
            "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:e94f06db14a4f0fa5fe8ffb7597147f44a7667fcc23aec1d0ef0da593e2ba02f_amd64",
            "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:6d9c7c4cf8bd069b9d3ea172c817a0239ec9ed1f189c9e7935204aa46f6201b6_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:61ff481304633a53d931592236c9a4bc0bce30bc478e2087c7d890588d6bf1fc_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:ac8270c4fe734e29dff3067d3ca02c1b03021171c8d47b42da8a02adbe415a2a_amd64",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:389b47cab017e05d197e49a477a44e73e4b3f1dd498313bdcee86f4ac12eac06_s390x",
            "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:95dd7f046b693c3524a68342a410f632dd6d574b404a4aa12a956bf6ca85fe04_amd64",
            "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:055bc6e9769da6ab142a0c8639ab34e0ffd1e154fef4e3b98c11db034864ddbf_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:2fb5172b99100acd461ebcc03baf6249834c94d37033555f2c34c143734cc451_amd64",
            "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:89633b1d0af453c84ea7bcd07d07f4703ecf9d3c89967e24010e08fac687b13b_s390x",
            "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:1ed59b8ad7982fb7b1c7bfffb13051578dbae5dcd53197a725e55ddfcf3b1306_amd64",
            "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:122d6e5374540d9b129f6e768635efa17414a5ab5a47daaabd026d9db55277c6_amd64",
            "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:b27fd812c51d8312b46661b14df9af8a49eacf086ea51f03eb4536aee1d58708_amd64",
            "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:fb2241cb9b5f71423fcca1005685fd08a305f6f66d1bda3a3238fadca27f5433_amd64",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:927f0d6898674154c131f4fa1610e99a10c2eb09d3edb2d11decee2c3a12b10c_s390x",
            "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:a9aa328415bebdfaddfb776a2ddd461ba4c1bf1a9f8f82681bebf22a85a996d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()"
    }
  ]
}

RHSA-2021:1369

Vulnerability from csaf_redhat - Published: 2021-04-26 16:26 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.6 security and bug fix updates

Severity

Moderate

Notes

Topic: Red Hat Advanced Cluster Management for Kubernetes 2.1.6 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fixes: * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * mquery: Code injection via merge or clone operation (CVE-2020-35149) For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug fixes: * RHACM 2.1.6 images (BZ#1940581) * When generating the import cluster string, it can include unescaped characters (BZ#1934184)

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64		—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-35149

A flaw was found in mquery that allows a prototype pollution attack. This flaw allows an attacker to alter the code behavior by modifying the object prototype. A flaw in the lib/utils.js function allows cloning and merging objects without sanitizing their special properties, such as prototype defining "__proto__". The highest threat from this vulnerability is to integrity.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64		—	Vendor Fix fix

Threats

Impact Moderate

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:1369	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1929338	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934184	external
https://bugzilla.redhat.com/show_bug.cgi?id=1940581	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-35149	self
https://bugzilla.redhat.com/show_bug.cgi?id=1929338	external
https://www.cve.org/CVERecord?id=CVE-2020-35149	external
https://nvd.nist.gov/vuln/detail/CVE-2020-35149	external
https://github.com/advisories/GHSA-45q2-34rf-mr94	external
https://portswigger.net/daily-swig/prototype-poll…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.1.6 General\nAvailability release images, which fix several bugs and security issues. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly \nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.1/html/release_notes/\n\nSecurity fixes:\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* mquery: Code injection via merge or clone operation (CVE-2020-35149)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped characters (BZ#1934184)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:1369",
        "url": "https://access.redhat.com/errata/RHSA-2021:1369"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1929338",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929338"
      },
      {
        "category": "external",
        "summary": "1934184",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934184"
      },
      {
        "category": "external",
        "summary": "1940581",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940581"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1369.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.1.6 security and bug fix updates",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:14+00:00",
      "generator": {
        "date": "2026-06-02T17:26:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:1369",
      "initial_release_date": "2021-04-26T16:26:19+00:00",
      "revision_history": [
        {
          "date": "2021-04-26T16:26:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-04-26T16:26:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
                  "product_id": "8Base-RHACM-2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat ACM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64",
                "product": {
                  "name": "rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64",
                  "product_id": "rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-must-gather-rhel8\u0026tag=v2.1.6-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
          "product_id": "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
        },
        "product_reference": "rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-26T16:26:19+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-operator",
          "product_ids": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-35149",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1929338"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in mquery that allows a prototype pollution attack. This flaw allows an attacker to alter the code behavior by modifying the object prototype. A flaw in the lib/utils.js function allows cloning and merging objects without sanitizing their special properties, such as prototype defining \"__proto__\". The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mquery: Code injection via merge or clone operation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The affected version of mquery is a dependency of the mongoose library. The exploitation of this vulnerability requires authenticated access, consequently, the CVSSv3 score for RHACM is lower than the score of the flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35149"
        },
        {
          "category": "external",
          "summary": "RHBZ#1929338",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929338"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35149"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-45q2-34rf-mr94",
          "url": "https://github.com/advisories/GHSA-45q2-34rf-mr94"
        },
        {
          "category": "external",
          "summary": "https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications",
          "url": "https://portswigger.net/daily-swig/prototype-pollution-the-dangerous-and-underrated-vulnerability-impacting-javascript-applications"
        }
      ],
      "release_date": "2020-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-26T16:26:19+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#upgrading-by-using-the-operator",
          "product_ids": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1369"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACM-2.1:rhacm2/acm-must-gather-rhel8@sha256:121f5cbddf3947ed9263759f072dc892af766d0cd24891156cff9e6f58821149_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mquery: Code injection via merge or clone operation"
    }
  ]
}

RHSA-2021:2039

Vulnerability from csaf_redhat - Published: 2021-05-19 08:01 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Service Registry (container images) release and security update [1.1.1.GA]

Severity

Moderate

Notes

Topic: An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Security Fix(es): * hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638) * jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Integration Red Hat / Red Hat Integration	`cpe:/a:redhat:integration:1`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25638

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Integration Red Hat / Red Hat Integration	`cpe:/a:redhat:integration:1`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Integration Red Hat / Red Hat Integration	`cpe:/a:redhat:integration:1`	—	Vendor Fix fix Workaround

Threats

Impact Low

References

22 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:2039	self
https://access.redhat.com/security/updates/classi…	external
https://catalog.redhat.com/software/operators/det…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881353	external
https://bugzilla.redhat.com/show_bug.cgi?id=1887664	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-25638	self
https://bugzilla.redhat.com/show_bug.cgi?id=1881353	external
https://www.cve.org/CVERecord?id=CVE-2020-25638	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25638	external
https://access.redhat.com/security/cve/CVE-2020-25649	self
https://bugzilla.redhat.com/show_bug.cgi?id=1887664	external
https://www.cve.org/CVERecord?id=CVE-2020-25649	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25649	external
https://github.com/FasterXML/jackson-databind/iss…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes.\n\nSecurity Fix(es):\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:2039",
        "url": "https://access.redhat.com/errata/RHSA-2021:2039"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2",
        "url": "https://catalog.redhat.com/software/operators/detail/5ef2818e7dc79430ca5f4fd2"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1881353",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
      },
      {
        "category": "external",
        "summary": "1887664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2039.json"
      }
    ],
    "title": "Red Hat Security Advisory: Service Registry (container images) release and security update [1.1.1.GA]",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:13+00:00",
      "generator": {
        "date": "2026-06-02T17:26:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:2039",
      "initial_release_date": "2021-05-19T08:01:05+00:00",
      "revision_history": [
        {
          "date": "2021-05-19T08:01:05+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-05-19T08:01:05+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Integration",
                "product": {
                  "name": "Red Hat Integration",
                  "product_id": "Red Hat Integration",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:integration:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Integration"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T08:01:05+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Integration"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:2039"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-25638",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2020-09-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881353"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881353",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T08:01:05+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Integration"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:2039"
        },
        {
          "category": "workaround",
          "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.",
          "product_ids": [
            "Red Hat Integration"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used"
    },
    {
      "cve": "CVE-2020-25649",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-08-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1887664"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Integration"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "RHBZ#1887664",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "https://github.com/FasterXML/jackson-databind/issues/2589",
          "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
        }
      ],
      "release_date": "2020-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T08:01:05+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Integration"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:2039"
        },
        {
          "category": "workaround",
          "details": "There is currently no known mitigation for this flaw.",
          "product_ids": [
            "Red Hat Integration"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Integration"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)"
    }
  ]
}

RHSA-2021:3140

Vulnerability from csaf_redhat - Published: 2021-08-11 18:21 - Updated: 2026-06-02 17:26

Summary

Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

Severity

Moderate

Notes

Topic: A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hawtio-osgi (CVE-2017-5645) * prometheus-jmx-exporter: snakeyaml (CVE-2017-18640) * apache-commons-compress (CVE-2019-12402) * karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445) * tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996) * spring-cloud-config-server (CVE-2020-5410) * velocity (CVE-2020-13936) * httpclient: apache-httpclient (CVE-2020-13956) * shiro-core: shiro (CVE-2020-17510) * hibernate-core (CVE-2020-25638) * wildfly-openssl (CVE-2020-25644) * jetty (CVE-2020-27216, CVE-2021-28165) * bouncycastle (CVE-2020-28052) * wildfly (CVE-2019-14887, CVE-2020-25640) * resteasy-jaxrs: resteasy (CVE-2020-1695) * camel-olingo4 (CVE-2020-1925) * springframework (CVE-2020-5421) * jsf-impl: Mojarra (CVE-2020-6950) * resteasy (CVE-2020-10688) * hibernate-validator (CVE-2020-10693) * wildfly-elytron (CVE-2020-10714) * undertow (CVE-2020-10719) * activemq (CVE-2020-13920) * cxf-core: cxf (CVE-2020-13954) * fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040) * jboss-ejb-client: wildfly (CVE-2020-14297) * xercesimpl: wildfly (CVE-2020-14338) * xnio (CVE-2020-14340) * flink: apache-flink (CVE-2020-17518) * resteasy-client (CVE-2020-25633) * xstream (CVE-2020-26258) * mybatis (CVE-2020-26945) * pdfbox (CVE-2021-27807, CVE-2021-27906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2017-5645

It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-12402

A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service.

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.

7.4 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-16869

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2019-20445

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-1695

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-1925

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-1938

CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Low

CVE-2020-5410

A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack. The highest threat from this vulnerability is to data confidentiality.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Low

CVE-2020-5421

In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-6950

A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-9484

A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-10693

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 - Session Fixation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-10719

A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11996

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 - Improper Authentication

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-13934

A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-13935

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-13936

A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-13954

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-14297

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-14338

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-14340

A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-17510

A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-290 - Authentication Bypass by Spoofing

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25633

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25638

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-25640

A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-26945

MyBatis before 3.5.6 mishandles deserialization of object streams.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-377 - Insecure Temporary File

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2020-28052

A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2021-27568

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package. Since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future. [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-27807

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-27906

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-28165

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.9 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

References

254 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:3140	self
https://bugzilla.redhat.com/show_bug.cgi?id=1941055	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945714	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1443635	external
https://bugzilla.redhat.com/show_bug.cgi?id=1730462	external
https://bugzilla.redhat.com/show_bug.cgi?id=1758619	external
https://bugzilla.redhat.com/show_bug.cgi?id=1764640	external
https://bugzilla.redhat.com/show_bug.cgi?id=1772008	external
https://bugzilla.redhat.com/show_bug.cgi?id=1785376	external
https://bugzilla.redhat.com/show_bug.cgi?id=1790309	external
https://bugzilla.redhat.com/show_bug.cgi?id=1798509	external
https://bugzilla.redhat.com/show_bug.cgi?id=1805006	external
https://bugzilla.redhat.com/show_bug.cgi?id=1805501	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://bugzilla.redhat.com/show_bug.cgi?id=1814974	external
https://bugzilla.redhat.com/show_bug.cgi?id=1825714	external
https://bugzilla.redhat.com/show_bug.cgi?id=1828459	external
https://bugzilla.redhat.com/show_bug.cgi?id=1838332	external
https://bugzilla.redhat.com/show_bug.cgi?id=1845626	external
https://bugzilla.redhat.com/show_bug.cgi?id=1851420	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853595	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857024	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857040	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860054	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860218	external
https://bugzilla.redhat.com/show_bug.cgi?id=1879042	external
https://bugzilla.redhat.com/show_bug.cgi?id=1880101	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881158	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881353	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881637	external
https://bugzilla.redhat.com/show_bug.cgi?id=1885485	external
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://bugzilla.redhat.com/show_bug.cgi?id=1887257	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891132	external
https://bugzilla.redhat.com/show_bug.cgi?id=1898235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903727	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908832	external
https://bugzilla.redhat.com/show_bug.cgi?id=1912881	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913312	external
https://bugzilla.redhat.com/show_bug.cgi?id=1941050	external
https://bugzilla.redhat.com/show_bug.cgi?id=1937440	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-5645	self
https://bugzilla.redhat.com/show_bug.cgi?id=1443635	external
https://www.cve.org/CVERecord?id=CVE-2017-5645	external
https://nvd.nist.gov/vuln/detail/CVE-2017-5645	external
https://access.redhat.com/security/cve/CVE-2017-18640	self
https://bugzilla.redhat.com/show_bug.cgi?id=1785376	external
https://www.cve.org/CVERecord?id=CVE-2017-18640	external
https://nvd.nist.gov/vuln/detail/CVE-2017-18640	external
https://access.redhat.com/security/cve/CVE-2019-12402	self
https://bugzilla.redhat.com/show_bug.cgi?id=1764640	external
https://www.cve.org/CVERecord?id=CVE-2019-12402	external
https://nvd.nist.gov/vuln/detail/CVE-2019-12402	external
https://access.redhat.com/security/cve/CVE-2019-14887	self
https://bugzilla.redhat.com/show_bug.cgi?id=1772008	external
https://www.cve.org/CVERecord?id=CVE-2019-14887	external
https://nvd.nist.gov/vuln/detail/CVE-2019-14887	external
https://access.redhat.com/security/cve/CVE-2019-16869	self
https://bugzilla.redhat.com/show_bug.cgi?id=1758619	external
https://www.cve.org/CVERecord?id=CVE-2019-16869	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16869	external
https://access.redhat.com/security/cve/CVE-2019-20445	self
https://bugzilla.redhat.com/show_bug.cgi?id=1798509	external
https://www.cve.org/CVERecord?id=CVE-2019-20445	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20445	external
https://access.redhat.com/security/cve/CVE-2020-1695	self
https://bugzilla.redhat.com/show_bug.cgi?id=1730462	external
https://www.cve.org/CVERecord?id=CVE-2020-1695	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1695	external
https://access.redhat.com/security/cve/CVE-2020-1925	self
https://bugzilla.redhat.com/show_bug.cgi?id=1790309	external
https://www.cve.org/CVERecord?id=CVE-2020-1925	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1925	external
https://access.redhat.com/security/cve/CVE-2020-1935	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806835	external
https://www.cve.org/CVERecord?id=CVE-2020-1935	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1935	external
https://tomcat.apache.org/security-7.html#Fixed_i…	external
https://tomcat.apache.org/security-8.html#Fixed_i…	external
https://tomcat.apache.org/security-9.html#Fixed_i…	external
https://access.redhat.com/security/cve/CVE-2020-1938	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806398	external
https://www.cve.org/CVERecord?id=CVE-2020-1938	external
https://nvd.nist.gov/vuln/detail/CVE-2020-1938	external
https://meterpreter.org/cve-2020-1938-apache-tomc…	external
https://www.cnvd.org.cn/webinfo/show/5415	external
https://www.tenable.com/blog/cve-2020-1938-ghostc…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://access.redhat.com/security/cve/CVE-2020-5410	self
https://bugzilla.redhat.com/show_bug.cgi?id=1845626	external
https://www.cve.org/CVERecord?id=CVE-2020-5410	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5410	external
https://access.redhat.com/security/cve/CVE-2020-5421	self
https://bugzilla.redhat.com/show_bug.cgi?id=1881158	external
https://www.cve.org/CVERecord?id=CVE-2020-5421	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5421	external
https://access.redhat.com/security/cve/CVE-2020-6950	self
https://bugzilla.redhat.com/show_bug.cgi?id=1805006	external
https://www.cve.org/CVERecord?id=CVE-2020-6950	external
https://nvd.nist.gov/vuln/detail/CVE-2020-6950	external
https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943	external
https://github.com/eclipse-ee4j/mojarra/commit/1b…	external
https://github.com/eclipse-ee4j/mojarra/commit/ce…	external
https://github.com/eclipse-ee4j/mojarra/issues/4571	external
https://github.com/javaserverfaces/mojarra/issues/4364	external
https://access.redhat.com/security/cve/CVE-2020-9484	self
https://bugzilla.redhat.com/show_bug.cgi?id=1838332	external
https://www.cve.org/CVERecord?id=CVE-2020-9484	external
https://nvd.nist.gov/vuln/detail/CVE-2020-9484	external
http://mail-archives.apache.org/mod_mbox/tomcat-a…	external
http://tomcat.apache.org/security-10.html#Fixed_i…	external
http://tomcat.apache.org/security-7.html#Fixed_in…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://access.redhat.com/security/cve/CVE-2020-10688	self
https://bugzilla.redhat.com/show_bug.cgi?id=1814974	external
https://www.cve.org/CVERecord?id=CVE-2020-10688	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10688	external
https://github.com/quarkusio/quarkus/issues/7248	external
https://issues.redhat.com/browse/RESTEASY-2519	external
https://access.redhat.com/security/cve/CVE-2020-10693	self
https://bugzilla.redhat.com/show_bug.cgi?id=1805501	external
https://www.cve.org/CVERecord?id=CVE-2020-10693	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10693	external
https://access.redhat.com/security/cve/CVE-2020-10714	self
https://bugzilla.redhat.com/show_bug.cgi?id=1825714	external
https://www.cve.org/CVERecord?id=CVE-2020-10714	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10714	external
https://access.redhat.com/security/cve/CVE-2020-10719	self
https://bugzilla.redhat.com/show_bug.cgi?id=1828459	external
https://www.cve.org/CVERecord?id=CVE-2020-10719	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10719	external
https://access.redhat.com/security/cve/CVE-2020-11996	self
https://bugzilla.redhat.com/show_bug.cgi?id=1851420	external
https://www.cve.org/CVERecord?id=CVE-2020-11996	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11996	external
http://mail-archives.apache.org/mod_mbox/tomcat-a…	external
http://tomcat.apache.org/security-10.html#Fixed_i…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://access.redhat.com/security/cve/CVE-2020-13920	self
https://bugzilla.redhat.com/show_bug.cgi?id=1880101	external
https://www.cve.org/CVERecord?id=CVE-2020-13920	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13920	external
https://access.redhat.com/security/cve/CVE-2020-13934	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857040	external
https://www.cve.org/CVERecord?id=CVE-2020-13934	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13934	external
http://mail-archives.apache.org/mod_mbox/tomcat-a…	external
http://tomcat.apache.org/security-10.html#Fixed_i…	external
http://tomcat.apache.org/security-7.html#Fixed_in…	external
http://tomcat.apache.org/security-8.html#Fixed_in…	external
http://tomcat.apache.org/security-9.html#Fixed_in…	external
https://access.redhat.com/security/cve/CVE-2020-13935	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857024	external
https://www.cve.org/CVERecord?id=CVE-2020-13935	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13935	external
http://mail-archives.apache.org/mod_mbox/tomcat-a…	external
https://access.redhat.com/security/cve/CVE-2020-13936	self
https://bugzilla.redhat.com/show_bug.cgi?id=1937440	external
https://www.cve.org/CVERecord?id=CVE-2020-13936	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13936	external
https://access.redhat.com/security/cve/CVE-2020-13954	self
https://bugzilla.redhat.com/show_bug.cgi?id=1898235	external
https://www.cve.org/CVERecord?id=CVE-2020-13954	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13954	external
https://access.redhat.com/security/cve/CVE-2020-13956	self
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://www.cve.org/CVERecord?id=CVE-2020-13956	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13956	external
https://www.openwall.com/lists/oss-security/2020/…	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-14297	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853595	external
https://www.cve.org/CVERecord?id=CVE-2020-14297	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14297	external
https://access.redhat.com/security/cve/CVE-2020-14338	self
https://bugzilla.redhat.com/show_bug.cgi?id=1860054	external
https://www.cve.org/CVERecord?id=CVE-2020-14338	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14338	external
https://access.redhat.com/security/cve/CVE-2020-14340	self
https://bugzilla.redhat.com/show_bug.cgi?id=1860218	external
https://www.cve.org/CVERecord?id=CVE-2020-14340	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14340	external
https://access.redhat.com/security/cve/CVE-2020-17510	self
https://bugzilla.redhat.com/show_bug.cgi?id=1903727	external
https://www.cve.org/CVERecord?id=CVE-2020-17510	external
https://nvd.nist.gov/vuln/detail/CVE-2020-17510	external
https://access.redhat.com/security/cve/CVE-2020-17518	self
https://bugzilla.redhat.com/show_bug.cgi?id=1913312	external
https://www.cve.org/CVERecord?id=CVE-2020-17518	external
https://nvd.nist.gov/vuln/detail/CVE-2020-17518	external
https://access.redhat.com/security/cve/CVE-2020-25633	self
https://bugzilla.redhat.com/show_bug.cgi?id=1879042	external
https://www.cve.org/CVERecord?id=CVE-2020-25633	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25633	external
https://access.redhat.com/security/cve/CVE-2020-25638	self
https://bugzilla.redhat.com/show_bug.cgi?id=1881353	external
https://www.cve.org/CVERecord?id=CVE-2020-25638	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25638	external
https://access.redhat.com/security/cve/CVE-2020-25640	self
https://bugzilla.redhat.com/show_bug.cgi?id=1881637	external
https://www.cve.org/CVERecord?id=CVE-2020-25640	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25640	external
https://github.com/amqphub/amqp-10-resource-adapt…	external
https://access.redhat.com/security/cve/CVE-2020-25644	self
https://bugzilla.redhat.com/show_bug.cgi?id=1885485	external
https://www.cve.org/CVERecord?id=CVE-2020-25644	external
https://nvd.nist.gov/vuln/detail/CVE-2020-25644	external
https://access.redhat.com/security/cve/CVE-2020-26258	self
https://bugzilla.redhat.com/show_bug.cgi?id=1908832	external
https://www.cve.org/CVERecord?id=CVE-2020-26258	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26258	external
https://access.redhat.com/security/cve/CVE-2020-26945	self
https://bugzilla.redhat.com/show_bug.cgi?id=1887257	external
https://www.cve.org/CVERecord?id=CVE-2020-26945	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26945	external
https://access.redhat.com/security/cve/CVE-2020-27216	self
https://bugzilla.redhat.com/show_bug.cgi?id=1891132	external
https://www.cve.org/CVERecord?id=CVE-2020-27216	external
https://nvd.nist.gov/vuln/detail/CVE-2020-27216	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2020-28052	self
https://bugzilla.redhat.com/show_bug.cgi?id=1912881	external
https://www.cve.org/CVERecord?id=CVE-2020-28052	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28052	external
https://access.redhat.com/security/cve/CVE-2021-27568	self
https://bugzilla.redhat.com/show_bug.cgi?id=1939839	external
https://www.cve.org/CVERecord?id=CVE-2021-27568	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27568	external
https://access.redhat.com/security/cve/CVE-2021-27807	self
https://bugzilla.redhat.com/show_bug.cgi?id=1941055	external
https://www.cve.org/CVERecord?id=CVE-2021-27807	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27807	external
https://access.redhat.com/security/cve/CVE-2021-27906	self
https://bugzilla.redhat.com/show_bug.cgi?id=1941050	external
https://www.cve.org/CVERecord?id=CVE-2021-27906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27906	external
https://access.redhat.com/security/cve/CVE-2021-28165	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945714	external
https://www.cve.org/CVERecord?id=CVE-2021-28165	external
https://nvd.nist.gov/vuln/detail/CVE-2021-28165	external
https://github.com/eclipse/jetty.project/security…	external

Acknowledgments

Compass Security Mirko Selber

Apache Tomcat Security Team @ZeddYu

An Trinh

GitHub Security Labs Alvaro Muñoz

Nedap Mark Banierink

ZeddYu

Red Hat Masafumi Miura

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3140",
        "url": "https://access.redhat.com/errata/RHSA-2021:3140"
      },
      {
        "category": "external",
        "summary": "1941055",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055"
      },
      {
        "category": "external",
        "summary": "1945714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
      },
      {
        "category": "external",
        "summary": "1443635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
      },
      {
        "category": "external",
        "summary": "1730462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
      },
      {
        "category": "external",
        "summary": "1758619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
      },
      {
        "category": "external",
        "summary": "1764640",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640"
      },
      {
        "category": "external",
        "summary": "1772008",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
      },
      {
        "category": "external",
        "summary": "1785376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376"
      },
      {
        "category": "external",
        "summary": "1790309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309"
      },
      {
        "category": "external",
        "summary": "1798509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
      },
      {
        "category": "external",
        "summary": "1805006",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
      },
      {
        "category": "external",
        "summary": "1805501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1806835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
      },
      {
        "category": "external",
        "summary": "1814974",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974"
      },
      {
        "category": "external",
        "summary": "1825714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
      },
      {
        "category": "external",
        "summary": "1828459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
      },
      {
        "category": "external",
        "summary": "1838332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332"
      },
      {
        "category": "external",
        "summary": "1845626",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626"
      },
      {
        "category": "external",
        "summary": "1851420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420"
      },
      {
        "category": "external",
        "summary": "1853595",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1857024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024"
      },
      {
        "category": "external",
        "summary": "1857040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040"
      },
      {
        "category": "external",
        "summary": "1860054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
      },
      {
        "category": "external",
        "summary": "1860218",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
      },
      {
        "category": "external",
        "summary": "1879042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
      },
      {
        "category": "external",
        "summary": "1880101",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101"
      },
      {
        "category": "external",
        "summary": "1881158",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158"
      },
      {
        "category": "external",
        "summary": "1881353",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
      },
      {
        "category": "external",
        "summary": "1881637",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
      },
      {
        "category": "external",
        "summary": "1885485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
      },
      {
        "category": "external",
        "summary": "1886587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
      },
      {
        "category": "external",
        "summary": "1887257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257"
      },
      {
        "category": "external",
        "summary": "1891132",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
      },
      {
        "category": "external",
        "summary": "1898235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235"
      },
      {
        "category": "external",
        "summary": "1903727",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727"
      },
      {
        "category": "external",
        "summary": "1908832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
      },
      {
        "category": "external",
        "summary": "1912881",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
      },
      {
        "category": "external",
        "summary": "1913312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312"
      },
      {
        "category": "external",
        "summary": "1941050",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050"
      },
      {
        "category": "external",
        "summary": "1937440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3140.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update",
    "tracking": {
      "current_release_date": "2026-06-02T17:26:16+00:00",
      "generator": {
        "date": "2026-06-02T17:26:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2021:3140",
      "initial_release_date": "2021-08-11T18:21:58+00:00",
      "revision_history": [
        {
          "date": "2021-08-11T18:21:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-08-11T18:21:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:26:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Fuse 7.9",
                "product": {
                  "name": "Red Hat Fuse 7.9",
                  "product_id": "Red Hat Fuse 7.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5645",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2017-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1443635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j: Socket receiver deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5645"
        },
        {
          "category": "external",
          "summary": "RHBZ#1443635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645"
        }
      ],
      "release_date": "2017-04-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "log4j: Socket receiver deserialization vulnerability"
    },
    {
      "cve": "CVE-2017-18640",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "discovery_date": "2019-12-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Billion laughs attack via alias feature",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-18640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785376",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-18640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640"
        }
      ],
      "release_date": "2019-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Billion laughs attack via alias feature"
    },
    {
      "cve": "CVE-2019-12402",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2019-10-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1764640"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-compress: Infinite loop in name encoding algorithm",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the versions of apache-commons-compress as shipped with Red Hat Enterprise Linux 7, and the versions of rh-java-common-apache-commons-compress and rh-maven35-apache-commons-compress as shipped with Red Hat Software Collections 3, as they used a fallback zip encoding implementation (leveraging java.io) to encode filenames.\nThis issue does not affect the versions of rh-maven36-apache-commons-compress as shipped with Red Hat Software Collection 3 as they already include the patch.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12402"
        },
        {
          "category": "external",
          "summary": "RHBZ#1764640",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12402"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402"
        }
      ],
      "release_date": "2019-08-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-commons-compress: Infinite loop in name encoding algorithm"
    },
    {
      "cve": "CVE-2019-14887",
      "cwe": {
        "id": "CWE-757",
        "name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)"
      },
      "discovery_date": "2019-11-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1772008"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption.  This could lead to a leak of the data being passed over the network.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14887"
        },
        {
          "category": "external",
          "summary": "RHBZ#1772008",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14887"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887"
        }
      ],
      "release_date": "2020-03-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with \u0027TLS\u0027.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use"
    },
    {
      "cve": "CVE-2019-16869",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1758619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1]  https://github.com/elastic/elasticsearch/issues/49396",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16869"
        },
        {
          "category": "external",
          "summary": "RHBZ#1758619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
        }
      ],
      "release_date": "2019-09-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
    },
    {
      "cve": "CVE-2019-20445",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-01-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1798509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1]  https://github.com/elastic/elasticsearch/issues/49396",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20445"
        },
        {
          "category": "external",
          "summary": "RHBZ#1798509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445"
        }
      ],
      "release_date": "2020-01-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mirko Selber"
          ],
          "organization": "Compass Security"
        }
      ],
      "cve": "CVE-2020-1695",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2019-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1730462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1730462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
    },
    {
      "cve": "CVE-2020-1925",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2020-01-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1790309"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1925"
        },
        {
          "category": "external",
          "summary": "RHBZ#1790309",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1925",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1925"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925"
        }
      ],
      "release_date": "2020-01-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806835"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806835",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    },
    {
      "cve": "CVE-2020-5410",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2020-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1845626"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5410"
        },
        {
          "category": "external",
          "summary": "RHBZ#1845626",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5410"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-05-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Users of vulnerable versions or older, unsupported versions of spring-cloud-config-server should upgrade to a patched version. Spring-cloud-config-server should only be accessible on internal networks.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-25T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack"
    },
    {
      "cve": "CVE-2020-5421",
      "discovery_date": "2020-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881158"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: RFD protection bypass via jsessionid",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the version of SpringFramework (embedded in rhvm-dependencies) shipped with Red Hat Virtualization, as it does not provide support for spring-web.\n\nIn Red Hat Gluster Storage 3, SpringFramework (embedded in rhvm-dependencies)  was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. However, spring-web is not included in the shipped version of SpringFramework.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5421"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881158",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421"
        }
      ],
      "release_date": "2020-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "springframework: RFD protection bypass via jsessionid"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "An Trinh"
          ]
        }
      ],
      "cve": "CVE-2020-6950",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2019-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1805006"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-6950"
        },
        {
          "category": "external",
          "summary": "RHBZ#1805006",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
        },
        {
          "category": "external",
          "summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
          "url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
          "url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
          "url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
        },
        {
          "category": "external",
          "summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
          "url": "https://github.com/javaserverfaces/mojarra/issues/4364"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "There is no currently known mitigation for this flaw.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
    },
    {
      "cve": "CVE-2020-9484",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1838332"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A deserialization flaw was discovered in Apache Tomcat\u0027s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: deserialization flaw in session persistence storage leading to RCE",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\n\nRed Hat Satellite do not ship Tomcat and rather use its configuration. The product is not affected because configuration does not make use of PersistanceManager or FileStore. Tomcat updates can be obtain from Red Hat Enterprise Linux (RHEL) RHSA.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9484"
        },
        {
          "category": "external",
          "summary": "RHBZ#1838332",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104",
          "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35"
        }
      ],
      "release_date": "2020-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized.  For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: deserialization flaw in session persistence storage leading to RCE"
    },
    {
      "cve": "CVE-2020-10688",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1814974"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10688"
        },
        {
          "category": "external",
          "summary": "RHBZ#1814974",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10688"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688"
        },
        {
          "category": "external",
          "summary": "https://github.com/quarkusio/quarkus/issues/7248",
          "url": "https://github.com/quarkusio/quarkus/issues/7248"
        },
        {
          "category": "external",
          "summary": "https://issues.redhat.com/browse/RESTEASY-2519",
          "url": "https://issues.redhat.com/browse/RESTEASY-2519"
        }
      ],
      "release_date": "2020-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alvaro Mu\u00f1oz"
          ],
          "organization": "GitHub Security Labs"
        }
      ],
      "cve": "CVE-2020-10693",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-02-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1805501"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "RHBZ#1805501",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
        }
      ],
      "release_date": "2020-05-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Banierink"
          ],
          "organization": "Nedap"
        }
      ],
      "cve": "CVE-2020-10714",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2020-03-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1825714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-elytron: session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "RHBZ#1825714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
        }
      ],
      "release_date": "2020-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~\nTO\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-elytron: session fixation when using FORM authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "ZeddYu"
          ]
        }
      ],
      "cve": "CVE-2020-10719",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-02-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: invalid HTTP request with large chunk size",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10719"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10719"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719"
        }
      ],
      "release_date": "2020-05-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: invalid HTTP request with large chunk size"
    },
    {
      "cve": "CVE-2020-11996",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of RHOSP14 and is only receiving security fixes for Important and Critical flaws.\nApache Tomcat versions as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as it doesn\u0027t support HTTP/2 protocol.\nRed Hat Enterprise Linux 8\u0027s Identity Management is using an affected version of Tomcat bundled within PKI servlet engine, however HTTP/2 protocol is not supported by this component.\n\npki-servlet-engine has been obsoleted by Tomcat in Red Hat Enterprise Linux 8.9 and later. Therefore no additional fixes would be made available for the servlet engine.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11996"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11996"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS"
    },
    {
      "cve": "CVE-2020-13920",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2020-09-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1880101"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "activemq: improper authentication allows MITM attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13920"
        },
        {
          "category": "external",
          "summary": "RHBZ#1880101",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920"
        }
      ],
      "release_date": "2020-09-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "activemq: improper authentication allows MITM attack"
    },
    {
      "cve": "CVE-2020-13934",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857040"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Certificate System 10.0 and Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. A future update may fix the code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13934"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857040",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13934"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105",
          "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
        }
      ],
      "release_date": "2020-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS"
    },
    {
      "cve": "CVE-2020-13935",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857024"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there is no entry point for WebSockets, thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with WebSocket functionality enabled by default.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857024",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7",
          "url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105",
          "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
        }
      ],
      "release_date": "2020-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS"
    },
    {
      "cve": "CVE-2020-13936",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-03-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1937440"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "velocity: arbitrary code execution when attacker is able to modify templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "RHBZ#1937440",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
        }
      ],
      "release_date": "2021-03-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "velocity: arbitrary code execution when attacker is able to modify templates"
    },
    {
      "cve": "CVE-2020-13954",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-11-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1898235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cxf: XSS via the styleSheetPath",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13954"
        },
        {
          "category": "external",
          "summary": "RHBZ#1898235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954"
        }
      ],
      "release_date": "2020-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Users can disable the service listing altogether by setting the \"hide-service-list-page\" servlet parameter to \"true\".",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cxf: XSS via the styleSheetPath"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-10-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1886587"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "RHBZ#1886587",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
          "url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
        }
      ],
      "release_date": "2020-10-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-14297",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-07-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853595"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14297"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853595",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
        }
      ],
      "release_date": "2020-07-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
    },
    {
      "cve": "CVE-2020-14338",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-07-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1860054"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14338"
        },
        {
          "category": "external",
          "summary": "RHBZ#1860054",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
        }
      ],
      "release_date": "2020-08-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Masafumi Miura"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-14340",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-07-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1860218"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14340"
        },
        {
          "category": "external",
          "summary": "RHBZ#1860218",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
        }
      ],
      "release_date": "2020-07-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
    },
    {
      "cve": "CVE-2020-17510",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "discovery_date": "2020-11-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1903727"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shiro: specially crafted HTTP request may cause an authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-17510"
        },
        {
          "category": "external",
          "summary": "RHBZ#1903727",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-17510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510"
        }
      ],
      "release_date": "2020-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "shiro: specially crafted HTTP request may cause an authentication bypass"
    },
    {
      "cve": "CVE-2020-17518",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1913312"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-flink: directory traversal attack allows remote file writing through the REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-17518"
        },
        {
          "category": "external",
          "summary": "RHBZ#1913312",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-17518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-17518"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518"
        }
      ],
      "release_date": "2021-01-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-flink: directory traversal attack allows remote file writing through the REST API"
    },
    {
      "cve": "CVE-2020-25633",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2020-09-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1879042"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server\u0027s potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25633"
        },
        {
          "category": "external",
          "summary": "RHBZ#1879042",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25633",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25633"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633"
        }
      ],
      "release_date": "2020-09-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling"
    },
    {
      "cve": "CVE-2020-25638",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2020-09-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881353"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881353",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used"
    },
    {
      "cve": "CVE-2020-25640",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "discovery_date": "2020-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881637"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881637",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640"
        },
        {
          "category": "external",
          "summary": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
          "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
        }
      ],
      "release_date": "2020-09-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error"
    },
    {
      "cve": "CVE-2020-25644",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "discovery_date": "2020-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1885485"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25644"
        },
        {
          "category": "external",
          "summary": "RHBZ#1885485",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25644"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644"
        }
      ],
      "release_date": "2020-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "There is currently no known mitigation for this issue.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL"
    },
    {
      "cve": "CVE-2020-26258",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2020-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908832"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/  (see SECURITY-383 / CVE-2017-2608)",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26258"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908832",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258"
        }
      ],
      "release_date": "2020-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n  public boolean canConvert(Class type) {\n    return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n        || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n        || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n        || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n  }\n\n  public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n\n  public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n    throw new ConversionException(\"Unsupported type due to security reasons.\");\n  }\n}, XStream.PRIORITY_LOW);",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling"
    },
    {
      "cve": "CVE-2020-26945",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1887257"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "MyBatis before 3.5.6 mishandles deserialization of object streams.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mybatis: mishandles deserialization of object streams which could result in remote code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1887257",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945"
        }
      ],
      "release_date": "2020-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mybatis: mishandles deserialization of object streams which could result in remote code execution"
    },
    {
      "cve": "CVE-2020-27216",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-10-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1891132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: local temporary directory hijacking vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27216"
        },
        {
          "category": "external",
          "summary": "RHBZ#1891132",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053"
        }
      ],
      "release_date": "2020-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: local temporary directory hijacking vulnerability"
    },
    {
      "cve": "CVE-2020-28052",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2021-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1912881"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28052"
        },
        {
          "category": "external",
          "summary": "RHBZ#1912881",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        },
        {
          "category": "workaround",
          "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible"
    },
    {
      "cve": "CVE-2021-27568",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-03-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1939839"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability.\r\n\r\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package.\r\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\r\nThis may be fixed in the future.\r\n\r\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json-smart: uncaught exception may lead to crash or information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27568"
        },
        {
          "category": "external",
          "summary": "RHBZ#1939839",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939839"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27568",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568"
        }
      ],
      "release_date": "2021-02-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json-smart: uncaught exception may lead to crash or information disclosure"
    },
    {
      "cve": "CVE-2021-27807",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2021-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1941055"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pdfbox: infinite loop while loading a crafted PDF file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27807"
        },
        {
          "category": "external",
          "summary": "RHBZ#1941055",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807"
        }
      ],
      "release_date": "2021-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "pdfbox: infinite loop while loading a crafted PDF file"
    },
    {
      "cve": "CVE-2021-27906",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1941050"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27906"
        },
        {
          "category": "external",
          "summary": "RHBZ#1941050",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906"
        }
      ],
      "release_date": "2021-03-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file"
    },
    {
      "cve": "CVE-2021-28165",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-08-11T18:21:58+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
          "product_ids": [
            "Red Hat Fuse 7.9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3140"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.9"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
    }
  ]
}

RHSA-2021_0420

Vulnerability from csaf_redhat - Published: 2021-02-04 16:14 - Updated: 2024-12-17 21:13

Summary

Red Hat Security Advisory: Red Hat Quay v3.4.0 security update

Severity

Moderate

Notes

CVE-2019-3866

5.9 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2019-16785

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-16786

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-16789

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2019-19911

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-20477

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5311

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5312

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-5313

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-8131

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-10177

A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10378

A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10379

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-10994

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-11538

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Low

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

92 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0420	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1768731	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789532	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789533	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789535	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789538	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789540	external
https://bugzilla.redhat.com/show_bug.cgi?id=1789807	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791415	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791420	external
https://bugzilla.redhat.com/show_bug.cgi?id=1806005	external
https://bugzilla.redhat.com/show_bug.cgi?id=1816261	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852814	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852820	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852824	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852832	external
https://bugzilla.redhat.com/show_bug.cgi?id=1852836	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2019-3866	self
https://bugzilla.redhat.com/show_bug.cgi?id=1768731	external
https://www.cve.org/CVERecord?id=CVE-2019-3866	external
https://nvd.nist.gov/vuln/detail/CVE-2019-3866	external
https://access.redhat.com/security/cve/CVE-2019-16785	self
https://bugzilla.redhat.com/show_bug.cgi?id=1791420	external
https://www.cve.org/CVERecord?id=CVE-2019-16785	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16785	external
https://docs.pylonsproject.org/projects/waitress/…	external
https://access.redhat.com/security/cve/CVE-2019-16786	self
https://bugzilla.redhat.com/show_bug.cgi?id=1791415	external
https://www.cve.org/CVERecord?id=CVE-2019-16786	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16786	external
https://access.redhat.com/security/cve/CVE-2019-16789	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789807	external
https://www.cve.org/CVERecord?id=CVE-2019-16789	external
https://nvd.nist.gov/vuln/detail/CVE-2019-16789	external
https://docs.pylonsproject.org/projects/waitress/…	external
https://access.redhat.com/security/cve/CVE-2019-19911	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789540	external
https://www.cve.org/CVERecord?id=CVE-2019-19911	external
https://nvd.nist.gov/vuln/detail/CVE-2019-19911	external
https://access.redhat.com/security/cve/CVE-2019-20477	self
https://bugzilla.redhat.com/show_bug.cgi?id=1806005	external
https://www.cve.org/CVERecord?id=CVE-2019-20477	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20477	external
https://access.redhat.com/security/cve/CVE-2020-5310	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789538	external
https://www.cve.org/CVERecord?id=CVE-2020-5310	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5310	external
https://access.redhat.com/security/cve/CVE-2020-5311	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789535	external
https://www.cve.org/CVERecord?id=CVE-2020-5311	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5311	external
https://access.redhat.com/security/cve/CVE-2020-5312	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789533	external
https://www.cve.org/CVERecord?id=CVE-2020-5312	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5312	external
https://access.redhat.com/security/cve/CVE-2020-5313	self
https://bugzilla.redhat.com/show_bug.cgi?id=1789532	external
https://www.cve.org/CVERecord?id=CVE-2020-5313	external
https://nvd.nist.gov/vuln/detail/CVE-2020-5313	external
https://access.redhat.com/security/cve/CVE-2020-8131	self
https://bugzilla.redhat.com/show_bug.cgi?id=1816261	external
https://www.cve.org/CVERecord?id=CVE-2020-8131	external
https://nvd.nist.gov/vuln/detail/CVE-2020-8131	external
https://access.redhat.com/security/cve/CVE-2020-10177	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852824	external
https://www.cve.org/CVERecord?id=CVE-2020-10177	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10177	external
https://access.redhat.com/security/cve/CVE-2020-10378	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852832	external
https://www.cve.org/CVERecord?id=CVE-2020-10378	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10378	external
https://access.redhat.com/security/cve/CVE-2020-10379	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852836	external
https://www.cve.org/CVERecord?id=CVE-2020-10379	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10379	external
https://access.redhat.com/security/cve/CVE-2020-10994	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852820	external
https://www.cve.org/CVERecord?id=CVE-2020-10994	external
https://nvd.nist.gov/vuln/detail/CVE-2020-10994	external
https://access.redhat.com/security/cve/CVE-2020-11538	self
https://bugzilla.redhat.com/show_bug.cgi?id=1852814	external
https://www.cve.org/CVERecord?id=CVE-2020-11538	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11538	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external

Acknowledgments

the OpenStack project

Kindred Group PLC Gauvain Pocentek and Clément Beaufils

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Quay 3.4.0 is now available with bug fixes and various\nenhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.4.0 release\n\nSecurity Fix(es):\n\n* waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)\n\n* waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)\n\n* waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789)\n\n* python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310)\n\n* python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)\n\n* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)\n\n* python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)\n\n* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)\n\n* openstack-mistral: information disclosure in mistral log (CVE-2019-3866)\n\n* python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911)\n\n* PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)\n\n* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)\n\n* yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177)\n\n* python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378)\n\n* python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0420",
        "url": "https://access.redhat.com/errata/RHSA-2021:0420"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1768731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731"
      },
      {
        "category": "external",
        "summary": "1789532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532"
      },
      {
        "category": "external",
        "summary": "1789533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533"
      },
      {
        "category": "external",
        "summary": "1789535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535"
      },
      {
        "category": "external",
        "summary": "1789538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538"
      },
      {
        "category": "external",
        "summary": "1789540",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540"
      },
      {
        "category": "external",
        "summary": "1789807",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807"
      },
      {
        "category": "external",
        "summary": "1791415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415"
      },
      {
        "category": "external",
        "summary": "1791420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420"
      },
      {
        "category": "external",
        "summary": "1806005",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005"
      },
      {
        "category": "external",
        "summary": "1816261",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261"
      },
      {
        "category": "external",
        "summary": "1852814",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814"
      },
      {
        "category": "external",
        "summary": "1852820",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820"
      },
      {
        "category": "external",
        "summary": "1852824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824"
      },
      {
        "category": "external",
        "summary": "1852832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832"
      },
      {
        "category": "external",
        "summary": "1852836",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0420.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay v3.4.0 security update",
    "tracking": {
      "current_release_date": "2024-12-17T21:13:08+00:00",
      "generator": {
        "date": "2024-12-17T21:13:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:0420",
      "initial_release_date": "2021-02-04T16:14:00+00:00",
      "revision_history": [
        {
          "date": "2021-02-04T16:14:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-04T16:14:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T21:13:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Quay v3",
                "product": {
                  "name": "Quay v3",
                  "product_id": "8Base-Quay-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                  "product_id": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_id": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                "product": {
                  "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_id": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-openshift-bridge-rhel8-operator\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                "product": {
                  "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                  "product_id": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.4.0-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                "product": {
                  "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                  "product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                "product": {
                  "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                  "product_id": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.4.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                  "product_id": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                  "product_id": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                "product": {
                  "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                  "product_id": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.4.0-89"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                "product": {
                  "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                  "product_id": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.4.0-132"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                "product": {
                  "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                  "product_id": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.4.0-51"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64"
        },
        "product_reference": "quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64"
        },
        "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64"
        },
        "product_reference": "quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64"
        },
        "product_reference": "quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64"
        },
        "product_reference": "quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64"
        },
        "product_reference": "quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        },
        "product_reference": "quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the OpenStack project"
          ]
        },
        {
          "names": [
            "Gauvain Pocentek and Cl\u00e9ment Beaufils"
          ],
          "organization": "Kindred Group PLC",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2019-3866",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "discovery_date": "2019-11-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1768731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information-exposure vulnerability was discovered where openstack-mistral\u0027s undercloud log files containing clear-text information were made world readable.  A malicious system user could exploit this flaw to access sensitive user information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openstack-mistral: information disclosure in mistral log",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-3866"
        },
        {
          "category": "external",
          "summary": "RHBZ#1768731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1768731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-3866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3866"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3866"
        }
      ],
      "release_date": "2019-11-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        },
        {
          "category": "workaround",
          "details": "Plain text information can be masked by ensuring that all mistral log files are not world readable.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openstack-mistral: information disclosure in mistral log"
    },
    {
      "cve": "CVE-2019-16785",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1791420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-request vulnerability was discovered in Waitress which implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately, if a front-end server does not process header fields with an LF the same way as it processes those with a CRLF, it can lead to the front-end and the back-end server processing the same HTTP message in two different ways. This vulnerability can lead to a potential for HTTP request smuggling and splitting where Waitress may see two requests, while the front-end server only sees a single HTTP message.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP request smuggling through LF vs CRLF handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13,  because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "RHBZ#1791420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16785"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6"
        }
      ],
      "release_date": "2019-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP request smuggling through LF vs CRLF handling"
    },
    {
      "cve": "CVE-2019-16786",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2020-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1791415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with \u0027chunked\u0027. Because of this flaw, requests sent with: \"Transfer-Encoding: gzip, chunked\" would get ignored, and waitress would use the Content-Length header instead to determine the body size of the HTTP message. A remote attacker could exploit this flaw to force waitress to accept potentially bad HTTP requests or treat a single request as multiple requests in the case of HTTP pipelining.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP request smuggling through invalid Transfer-Encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nIn Red Hat OpenStack Platform 13,  because the flawed code is not used and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "RHBZ#1791415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16786"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id6"
        }
      ],
      "release_date": "2019-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP request smuggling through invalid Transfer-Encoding"
    },
    {
      "cve": "CVE-2019-16789",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789807"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP-interpretation flaw was found in waitress, through version 1.4.0. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, an HTTP request splitting could occur which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. The highest threat from this vulnerability is data integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products ship but do not use the flawed version of python-waitress. The impact for these products is therefore rated as having a security impact of Low.\n\nFor Red Hat OpenStack Platform 13,  because the flaw has a lower impact and  the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP13 python-waitress package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789807",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789807"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-16789",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16789"
        },
        {
          "category": "external",
          "summary": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2",
          "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#id2"
        }
      ],
      "release_date": "2019-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "waitress: HTTP Request Smuggling through Invalid whitespace characters in headers"
    },
    {
      "cve": "CVE-2019-19911",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789540"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in Pillow in versions before 6.2.2, where the FpxImagePlugin.py file calls the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows systems running 32-bit Python, this flaw results in an OverflowError or MemoryError due to the 2 GB limit. On Linux systems running 64-bit Python, this flaw results in the termination of the process by the out-of-memory (OOM) killer. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include python-olefile, which is necessary to use the FPX image plugin.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-19911"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789540",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789540"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-19911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-19911"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19911"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: uncontrolled resource consumption in FpxImagePlugin.py"
    },
    {
      "cve": "CVE-2019-20477",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2020-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806005"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "PyYAML: command execution through python/object/apply constructor in FullLoader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of PyYAML as shipped with Red Hat Enterprise Linux 7, and 8 as they did not include the class FullLoader, which contains this vulnerability.\n\nThe PyYAML libary that is provided in the Red Hat OpenStack repositories is vulnerable. However, because there are no instances where this library is used in a way which exposes the vulnerability, the impact to OpenStack products has been reduced to \u0027low\u0027 and Red Hat will not be providing a fix at this time.  Any updates will be through RHEL channels.\n\nRed Hat Quay 3.2 uses the vulnerable load function, but only to parse the Nginx configuration file, which only contains trusted data.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20477"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806005",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806005"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20477"
        }
      ],
      "release_date": "2019-11-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        },
        {
          "category": "workaround",
          "details": "Use `yaml.safe_load` or the SafeLoader loader when you parse untrusted input.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "PyYAML: command execution through python/object/apply constructor in FullLoader"
    },
    {
      "cve": "CVE-2020-5310",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they did not include support for tiled TIFF images, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5310"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5310",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5310"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5310"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode"
    },
    {
      "cve": "CVE-2020-5311",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789535"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was discovered in python-pillow in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5311"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789535",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789535"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5311",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5311"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5311"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c"
    },
    {
      "cve": "CVE-2020-5312",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5312"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5312"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5312"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c"
    },
    {
      "cve": "CVE-2020-5313",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-01-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1789532"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-5313"
        },
        {
          "category": "external",
          "summary": "RHBZ#1789532",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789532"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-5313",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5313"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5313"
        }
      ],
      "release_date": "2020-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images"
    },
    {
      "cve": "CVE-2020-8131",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816261"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An arbitrary file write flaw was found in Yarn. This flaw allows an attacker to write files to a user\u2019s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "yarn: Arbitrary filesystem write via tar expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Normally yarn allows packages to run postinstall scripts which can write arbitrary files to the users system. This vulnerability allows an attacker to better hide the attack and also allow arbitrary file write when postinstall scripts are disabled with the \u0027--ignore-scripts\u0027 option of \u0027yarn install\u0027.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8131"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816261",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816261"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8131"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8131"
        }
      ],
      "release_date": "2020-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "yarn: Arbitrary filesystem write via tar expansion"
    },
    {
      "cve": "CVE-2020-10177",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10177"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10177"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10177"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c"
    },
    {
      "cve": "CVE-2020-10378",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852832"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX files where state-\u003eshuffle is instructed to read beyond state-\u003ebuffer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10378"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852832",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852832"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10378",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10378"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10378"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files"
    },
    {
      "cve": "CVE-2020-10379",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852836"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While python-pillow is listed as a dependency of Red Hat Quay, it is not used by the application.\n\nThis issue did not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they provide an older version of the code which does not include the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10379"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852836",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852836"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10379",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10379"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10379"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()"
    },
    {
      "cve": "CVE-2020-10994",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852820"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read data. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the JP2 image parser, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10994"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852820",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852820"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10994",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10994"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10994"
        }
      ],
      "release_date": "2020-06-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: multiple out-of-bounds reads via a crafted JP2 file"
    },
    {
      "cve": "CVE-2020-11538",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2020-07-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1852814"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to decode untrusted images may be vulnerable. This flaw allows an attacker to crash the application or potentially execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of python-pillow and python-imaging as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the SGI RLE image decoder, where the flaw lies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11538"
        },
        {
          "category": "external",
          "summary": "RHBZ#1852814",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852814"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11538"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11538"
        }
      ],
      "release_date": "2020-07-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
          "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
          "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-04T16:14:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0420"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:32d29a9bc9e6f4690d75b432bc36de8555828c7ecabe405f50add88140a13b2d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:cc204e9e439a64232673f7b3c1071ce7d1eee16c0f101688b276aa30eda55b06_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:324e4fd85bad0dd77f351b1c946040b0be639a63b4f90150e42739efde98a21c_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:afc774b0aa286a1a72143ae0ae3491dc6f6005b487bac20c10495c8d98b82165_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:70581e0c0ff015d0cb09caeb0e7d76714cd7903df04ae428003c3f8dc3fdb4a3_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:c3642669da261c8a7ee458fcba98abde522bf51e8695c30077840c787abc987e_amd64",
            "8Base-Quay-3:quay/quay-openshift-bridge-rhel8-operator@sha256:74af7b3f0fdd7c72395eb4628ded5c38f098bf11bccc5cfba2f4c5698911246c_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:87a68e36f451d24a493f25a2302897f7009ed7742e405e8e45988837c8b9c7f4_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:7bf688be0d6a587c14316c6df81b3a59dba8c308842b67d016bedaedfad95c98_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:bdded901debc402b5e5b85bfd3476cc9feda213b846abb2d3ca91d6d91acb34f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    }
  ]
}

RHSA-2021_0799

Vulnerability from csaf_redhat - Published: 2021-03-10 11:41 - Updated: 2024-12-17 21:13

Summary

Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update

Severity

Moderate

Notes

CVE-2020-9283

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2020-14040

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-15586

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-16845

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-26160

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-27813

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28362

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-29652

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2021-3121

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2021-20206

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64	—	Vendor Fix fix

Threats

Impact Moderate

References

129 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:0799	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1732329	external
https://bugzilla.redhat.com/show_bug.cgi?id=1783192	external
https://bugzilla.redhat.com/show_bug.cgi?id=1791753	external
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://bugzilla.redhat.com/show_bug.cgi?id=1848954	external
https://bugzilla.redhat.com/show_bug.cgi?id=1848956	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://bugzilla.redhat.com/show_bug.cgi?id=1853911	external
https://bugzilla.redhat.com/show_bug.cgi?id=1854098	external
https://bugzilla.redhat.com/show_bug.cgi?id=1856347	external
https://bugzilla.redhat.com/show_bug.cgi?id=1856953	external
https://bugzilla.redhat.com/show_bug.cgi?id=1859235	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860714	external
https://bugzilla.redhat.com/show_bug.cgi?id=1860992	external
https://bugzilla.redhat.com/show_bug.cgi?id=1864577	external
https://bugzilla.redhat.com/show_bug.cgi?id=1866593	external
https://bugzilla.redhat.com/show_bug.cgi?id=1867099	external
https://bugzilla.redhat.com/show_bug.cgi?id=1868817	external
https://bugzilla.redhat.com/show_bug.cgi?id=1873771	external
https://bugzilla.redhat.com/show_bug.cgi?id=1874812	external
https://bugzilla.redhat.com/show_bug.cgi?id=1878499	external
https://bugzilla.redhat.com/show_bug.cgi?id=1879108	external
https://bugzilla.redhat.com/show_bug.cgi?id=1881874	external
https://bugzilla.redhat.com/show_bug.cgi?id=1883232	external
https://bugzilla.redhat.com/show_bug.cgi?id=1883371	external
https://bugzilla.redhat.com/show_bug.cgi?id=1885153	external
https://bugzilla.redhat.com/show_bug.cgi?id=1885418	external
https://bugzilla.redhat.com/show_bug.cgi?id=1887398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1889295	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891285	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891440	external
https://bugzilla.redhat.com/show_bug.cgi?id=1892227	external
https://bugzilla.redhat.com/show_bug.cgi?id=1893278	external
https://bugzilla.redhat.com/show_bug.cgi?id=1893646	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894428	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894824	external
https://bugzilla.redhat.com/show_bug.cgi?id=1894897	external
https://bugzilla.redhat.com/show_bug.cgi?id=1895414	external
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://bugzilla.redhat.com/show_bug.cgi?id=1898072	external
https://bugzilla.redhat.com/show_bug.cgi?id=1898840	external
https://bugzilla.redhat.com/show_bug.cgi?id=1899558	external
https://bugzilla.redhat.com/show_bug.cgi?id=1901480	external
https://bugzilla.redhat.com/show_bug.cgi?id=1902046	external
https://bugzilla.redhat.com/show_bug.cgi?id=1902111	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903014	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903585	external
https://bugzilla.redhat.com/show_bug.cgi?id=1904797	external
https://bugzilla.redhat.com/show_bug.cgi?id=1906199	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907151	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907352	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907691	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907988	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908363	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908421	external
https://bugzilla.redhat.com/show_bug.cgi?id=1908883	external
https://bugzilla.redhat.com/show_bug.cgi?id=1909458	external
https://bugzilla.redhat.com/show_bug.cgi?id=1910857	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911118	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911396	external
https://bugzilla.redhat.com/show_bug.cgi?id=1911662	external
https://bugzilla.redhat.com/show_bug.cgi?id=1912908	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913248	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913320	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913717	external
https://bugzilla.redhat.com/show_bug.cgi?id=1913756	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914177	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914608	external
https://bugzilla.redhat.com/show_bug.cgi?id=1914947	external
https://bugzilla.redhat.com/show_bug.cgi?id=1917908	external
https://bugzilla.redhat.com/show_bug.cgi?id=1917963	external
https://bugzilla.redhat.com/show_bug.cgi?id=1919391	external
https://bugzilla.redhat.com/show_bug.cgi?id=1920576	external
https://bugzilla.redhat.com/show_bug.cgi?id=1920610	external
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://bugzilla.redhat.com/show_bug.cgi?id=1923979	external
https://bugzilla.redhat.com/show_bug.cgi?id=1927373	external
https://bugzilla.redhat.com/show_bug.cgi?id=1931376	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-9283	self
https://bugzilla.redhat.com/show_bug.cgi?id=1804533	external
https://www.cve.org/CVERecord?id=CVE-2020-9283	external
https://nvd.nist.gov/vuln/detail/CVE-2020-9283	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1853652	external
https://www.cve.org/CVERecord?id=CVE-2020-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2020-14040	external
https://github.com/golang/go/issues/39491	external
https://groups.google.com/forum/#!topic/golang-an…	external
https://access.redhat.com/security/cve/CVE-2020-15586	self
https://bugzilla.redhat.com/show_bug.cgi?id=1856953	external
https://www.cve.org/CVERecord?id=CVE-2020-15586	external
https://nvd.nist.gov/vuln/detail/CVE-2020-15586	external
https://groups.google.com/g/golang-announce/c/XZN…	external
https://access.redhat.com/security/cve/CVE-2020-16845	self
https://bugzilla.redhat.com/show_bug.cgi?id=1867099	external
https://www.cve.org/CVERecord?id=CVE-2020-16845	external
https://nvd.nist.gov/vuln/detail/CVE-2020-16845	external
https://groups.google.com/g/golang-announce/c/NyP…	external
https://access.redhat.com/security/cve/CVE-2020-26160	self
https://bugzilla.redhat.com/show_bug.cgi?id=1883371	external
https://www.cve.org/CVERecord?id=CVE-2020-26160	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26160	external
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJAL…	external
https://access.redhat.com/security/cve/CVE-2020-27813	self
https://bugzilla.redhat.com/show_bug.cgi?id=1902111	external
https://www.cve.org/CVERecord?id=CVE-2020-27813	external
https://nvd.nist.gov/vuln/detail/CVE-2020-27813	external
https://github.com/gorilla/websocket/security/adv…	external
https://access.redhat.com/security/cve/CVE-2020-28362	self
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://www.cve.org/CVERecord?id=CVE-2020-28362	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28362	external
https://access.redhat.com/security/cve/CVE-2020-29652	self
https://bugzilla.redhat.com/show_bug.cgi?id=1908883	external
https://www.cve.org/CVERecord?id=CVE-2020-29652	external
https://nvd.nist.gov/vuln/detail/CVE-2020-29652	external
https://groups.google.com/g/golang-announce/c/ouZ…	external
https://access.redhat.com/security/cve/CVE-2021-3121	self
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://www.cve.org/CVERecord?id=CVE-2021-3121	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3121	external
https://access.redhat.com/security/cve/CVE-2021-20206	self
https://bugzilla.redhat.com/show_bug.cgi?id=1919391	external
https://www.cve.org/CVERecord?id=CVE-2021-20206	external
https://nvd.nist.gov/vuln/detail/CVE-2021-20206	external

Acknowledgments

Red Hat Casey Callendrello

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for RHEL-8-CNV-2.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0799",
        "url": "https://access.redhat.com/errata/RHSA-2021:0799"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1732329",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732329"
      },
      {
        "category": "external",
        "summary": "1783192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783192"
      },
      {
        "category": "external",
        "summary": "1791753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791753"
      },
      {
        "category": "external",
        "summary": "1804533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
      },
      {
        "category": "external",
        "summary": "1848954",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848954"
      },
      {
        "category": "external",
        "summary": "1848956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848956"
      },
      {
        "category": "external",
        "summary": "1853652",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
      },
      {
        "category": "external",
        "summary": "1853911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853911"
      },
      {
        "category": "external",
        "summary": "1854098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854098"
      },
      {
        "category": "external",
        "summary": "1856347",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856347"
      },
      {
        "category": "external",
        "summary": "1856953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
      },
      {
        "category": "external",
        "summary": "1859235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859235"
      },
      {
        "category": "external",
        "summary": "1860714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860714"
      },
      {
        "category": "external",
        "summary": "1860992",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860992"
      },
      {
        "category": "external",
        "summary": "1864577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1864577"
      },
      {
        "category": "external",
        "summary": "1866593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866593"
      },
      {
        "category": "external",
        "summary": "1867099",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
      },
      {
        "category": "external",
        "summary": "1868817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868817"
      },
      {
        "category": "external",
        "summary": "1873771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873771"
      },
      {
        "category": "external",
        "summary": "1874812",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874812"
      },
      {
        "category": "external",
        "summary": "1878499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878499"
      },
      {
        "category": "external",
        "summary": "1879108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879108"
      },
      {
        "category": "external",
        "summary": "1881874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881874"
      },
      {
        "category": "external",
        "summary": "1883232",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883232"
      },
      {
        "category": "external",
        "summary": "1883371",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
      },
      {
        "category": "external",
        "summary": "1885153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885153"
      },
      {
        "category": "external",
        "summary": "1885418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885418"
      },
      {
        "category": "external",
        "summary": "1887398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887398"
      },
      {
        "category": "external",
        "summary": "1889295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889295"
      },
      {
        "category": "external",
        "summary": "1891285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891285"
      },
      {
        "category": "external",
        "summary": "1891440",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891440"
      },
      {
        "category": "external",
        "summary": "1892227",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892227"
      },
      {
        "category": "external",
        "summary": "1893278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893278"
      },
      {
        "category": "external",
        "summary": "1893646",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893646"
      },
      {
        "category": "external",
        "summary": "1894428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894428"
      },
      {
        "category": "external",
        "summary": "1894824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894824"
      },
      {
        "category": "external",
        "summary": "1894897",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894897"
      },
      {
        "category": "external",
        "summary": "1895414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895414"
      },
      {
        "category": "external",
        "summary": "1897635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
      },
      {
        "category": "external",
        "summary": "1898072",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898072"
      },
      {
        "category": "external",
        "summary": "1898840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898840"
      },
      {
        "category": "external",
        "summary": "1899558",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899558"
      },
      {
        "category": "external",
        "summary": "1901480",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901480"
      },
      {
        "category": "external",
        "summary": "1902046",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902046"
      },
      {
        "category": "external",
        "summary": "1902111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111"
      },
      {
        "category": "external",
        "summary": "1903014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903014"
      },
      {
        "category": "external",
        "summary": "1903585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903585"
      },
      {
        "category": "external",
        "summary": "1904797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904797"
      },
      {
        "category": "external",
        "summary": "1906199",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906199"
      },
      {
        "category": "external",
        "summary": "1907151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907151"
      },
      {
        "category": "external",
        "summary": "1907352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907352"
      },
      {
        "category": "external",
        "summary": "1907691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907691"
      },
      {
        "category": "external",
        "summary": "1907988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907988"
      },
      {
        "category": "external",
        "summary": "1908363",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908363"
      },
      {
        "category": "external",
        "summary": "1908421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908421"
      },
      {
        "category": "external",
        "summary": "1908883",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883"
      },
      {
        "category": "external",
        "summary": "1909458",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909458"
      },
      {
        "category": "external",
        "summary": "1910857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910857"
      },
      {
        "category": "external",
        "summary": "1911118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911118"
      },
      {
        "category": "external",
        "summary": "1911396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911396"
      },
      {
        "category": "external",
        "summary": "1911662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911662"
      },
      {
        "category": "external",
        "summary": "1912908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912908"
      },
      {
        "category": "external",
        "summary": "1913248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913248"
      },
      {
        "category": "external",
        "summary": "1913320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913320"
      },
      {
        "category": "external",
        "summary": "1913717",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913717"
      },
      {
        "category": "external",
        "summary": "1913756",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913756"
      },
      {
        "category": "external",
        "summary": "1914177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914177"
      },
      {
        "category": "external",
        "summary": "1914608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914608"
      },
      {
        "category": "external",
        "summary": "1914947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914947"
      },
      {
        "category": "external",
        "summary": "1917908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917908"
      },
      {
        "category": "external",
        "summary": "1917963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917963"
      },
      {
        "category": "external",
        "summary": "1919391",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
      },
      {
        "category": "external",
        "summary": "1920576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920576"
      },
      {
        "category": "external",
        "summary": "1920610",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920610"
      },
      {
        "category": "external",
        "summary": "1921650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
      },
      {
        "category": "external",
        "summary": "1923979",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923979"
      },
      {
        "category": "external",
        "summary": "1927373",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927373"
      },
      {
        "category": "external",
        "summary": "1931376",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1931376"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0799.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T21:13:28+00:00",
      "generator": {
        "date": "2024-12-17T21:13:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2021:0799",
      "initial_release_date": "2021-03-10T11:41:12+00:00",
      "revision_history": [
        {
          "date": "2021-03-10T11:41:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-03-10T11:41:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T21:13:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 2.6 for RHEL 8",
                "product": {
                  "name": "CNV 2.6 for RHEL 8",
                  "product_id": "8Base-CNV-2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                  "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.6.0-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                  "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.6.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                  "product_id": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.6.0-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v2.6.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_id": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller\u0026tag=v2.6.0-25"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64 as a component of CNV 2.6 for RHEL 8",
          "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
        "relates_to_product_reference": "8Base-CNV-2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-9283",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2020-02-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1804533"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the SSH package of the golang.org/x/crypto library. An attacker could exploit this flaw by supplying crafted SSH ed25519 keys to cause a crash in applications that use this package as either an SSH client or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform uses the vulnerable library in a number of components but strictly as an SSH client. The severity of this vulnerability is reduced for clients as it requires connections to malicious SSH servers, with the maximum impact only a client crash. This vulnerability is rated Low for OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "RHBZ#1804533",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804533"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
        }
      ],
      "release_date": "2020-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic"
    },
    {
      "cve": "CVE-2020-14040",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-06-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1853652"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1853652",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/39491",
          "url": "https://github.com/golang/go/issues/39491"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
          "url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
        }
      ],
      "release_date": "2020-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
    },
    {
      "cve": "CVE-2020-15586",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2020-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1856953"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "RHBZ#1856953",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
        }
      ],
      "release_date": "2020-07-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
    },
    {
      "cve": "CVE-2020-16845",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2020-08-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1867099"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4)  components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "RHBZ#1867099",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
          "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
        }
      ],
      "release_date": "2020-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
    },
    {
      "cve": "CVE-2020-26160",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2020-09-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1883371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in jwt-go where it is vulnerable to Access Restriction Bypass if m[\"aud\"] happens to be []string{}, as allowed by the spec, the type assertion fails and the value of aud is \"\". This can cause audience verification to succeed even if the audiences being passed are incorrect if required is set to false.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jwt-go: access restriction bypass vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The github.com/dgrijalva/jwt-go module is an indirect dependency of the k8s.io/client-go module pulled into Quay Bridge, and Setup operators via the Operator\u0027s SDK generated code. The k8s.io/client-go module does not use jwt-go in an unsafe way [1]. Red Hat Quay components have been marked as wontfix. This may be fixed in the future.\n\nSimilar to Quay, multiple OpenShift Container Platform (OCP) containers include jwt-go as a transient dependency due to go-autorest [1]. As such, those containers do not use jwt-go in an unsafe way. They have been marked wontfix at this time and may be fixed in a future update.\n\nSame as Quay and OpenShift Container Platform, components shipped with Red Hat OpenShift Container Storage 4 do not use jwt-go in an unsafe way and hence this issue has been rated as having a security impact of Low. A future update may address this issue.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli as a technical preview and is not currently planned to be addressed in future updates, hence the multi-cloud-object-gateway-cli package will not be fixed.\n\n[1] https://github.com/Azure/go-autorest/issues/568#issuecomment-703804062",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "RHBZ#1883371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26160"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515",
          "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515"
        }
      ],
      "release_date": "2020-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jwt-go: access restriction bypass vulnerability"
    },
    {
      "cve": "CVE-2020-27813",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-11-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1902111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-github-gorilla-websocket: integer overflow leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "RHBZ#1902111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27813"
        },
        {
          "category": "external",
          "summary": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh",
          "url": "https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh"
        }
      ],
      "release_date": "2019-08-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang-github-gorilla-websocket: integer overflow leads to denial of service"
    },
    {
      "cve": "CVE-2020-28362",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2020-11-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1897635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: panic during recursive division of very large numbers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "RHBZ#1897635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
        }
      ],
      "release_date": "2020-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: panic during recursive division of very large numbers"
    },
    {
      "cve": "CVE-2020-29652",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908883"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A null pointer dereference vulnerability was found in golang. When using the library\u0027s ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the `gssapi-with-mic` authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A large number of products include the affected package, but do not make use of the vulnerable SSH server code.  Accordingly, the flaw itself is rated as \"Important\", but these products themselves all have a \"Low\" severity rating.\n\nAdditionally, a number of products include golang.org/x/crypto (or even golang.org/x/crypto/ssh/terminal) but not specifically golang.org/x/crypto/ssh/server.go in the final build. As this would result in a very large number of entries of not affected products, only products which include the ssh server code (golang.org/x/crypto/ssh/server.go) have been represented here.  \n\nRed Hat Enterprise Linux 8 container-tools:rhel8/containernetworking-plugins is not affected because although it uses some functionality from golang.org/x/crypto, it does not use or import anything from golang.org/x/crypto/ssh/*.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908883",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908883"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-29652",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1",
          "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
        }
      ],
      "release_date": "2020-12-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference"
    },
    {
      "cve": "CVE-2021-3121",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2021-01-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1921650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting  protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "RHBZ#1921650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
        }
      ],
      "release_date": "2021-01-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Casey Callendrello"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2021-20206",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1919391"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) does package a vulnerable version of containernetworking/cni, however, the NetworkDefinitionAttachment is defined in code and cannot be easily changed except through a user who has access to the operator namespace such as cluster-admin. As such, for OSSM, the impact is Moderate.\n\nThe fix for podman was released as a part of OpenShift 4.8 and is included in future releases.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
          "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
          "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-20206"
        },
        {
          "category": "external",
          "summary": "RHBZ#1919391",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20206",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20206"
        }
      ],
      "release_date": "2021-02-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-10T11:41:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0799"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:efb152ddc837945aad0163f96c9668cbb8271c2b14716b9fef5b798c27efbe48_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:2b78b4854b18e53e388d2d30bf68803e39f8fbc9a0b3713885081af25abfb3f1_amd64",
            "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:2dcf59515b784d6decf484c1d756d5ddf4b65a38e78800a76ef1dab51020e553_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64",
            "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:ad9c84b90577d32229b803f7b8d014f39f517d0961de46de972fce3801fdfdc8_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "containernetworking-cni: Arbitrary path injection via type field in CNI configuration"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14040 (GCVE-0-2020-14040)

Tags

Sightings

Nomenclature