Vulnerability-Lookup

CVE-2020-8203 (GCVE-0-2020-8203)

Vulnerability from cvelistv5 – Published: 2020-07-15 16:10 – Updated: 2024-08-04 09:56

Summary

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)

Assigner

hackerone

References

8 references

URL	Tags
https://hackerone.com/reports/712065	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2020072…	x_refsource_CONFIRM
https://github.com/lodash/lodash/issues/4874	x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	lodash	Affected: Not Fixed

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/712065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200724-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/lodash/lodash/issues/4874"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lodash",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Not Fixed"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:23:22.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/712065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200724-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lodash/lodash/issues/4874"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "lodash",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Not Fixed"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/712065",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/712065"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200724-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200724-0006/"
            },
            {
              "name": "https://github.com/lodash/lodash/issues/4874",
              "refsource": "MISC",
              "url": "https://github.com/lodash/lodash/issues/4874"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8203",
    "datePublished": "2020-07-15T16:10:27.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:56:28.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-8203",
      "date": "2026-06-04",
      "epss": "0.02546",
      "percentile": "0.8575"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"4.17.20\", \"matchCriteriaId\": \"5320B76A-C335-4F3B-A589-73CC64033FFB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF9A061-2421-426D-9854-0A4E55B2961D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B72B735F-4E52-484A-9C2C-23E6E2070385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B36A1D4-F391-4EE3-9A65-0A10568795BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0275F820-40BE-47B8-B167-815A55DF578E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C8E145E-1DF0-4B18-B625-F04DF71F6ACF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EABAFD73-150F-4DFE-B721-29EB4475D979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A45D47B-3401-49CF-92EE-79D007D802A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_liquidity_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33605127-1352-4285-AE96-B51156B70613\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_liquidity_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA7423C4-7016-429B-997F-61E7AEB8F696\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_liquidity_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7BC8689-5E87-43FE-ADE8-5907F581B08E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A8420D4-AAF1-44AA-BF28-48EE3ED310B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FB80AC5-35F2-4703-AD93-416B46972EEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E14324D-B9EE-4C06-ACC7-255189ED6300\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBEBB60F-6EAB-4AE5-B777-5044C657FBA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B185C1EA-71E6-4972-8637-08A33CC00841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1534C11-E3F5-49F3-8F8D-7C5C90951E69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1111BCFD-E336-4B31-A87E-76C684AC6DE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.1.2\", \"matchCriteriaId\": \"D0DBC938-A782-433F-8BF1-CA250C332AA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"790A89FD-6B86-49AE-9B4F-AE7262915E13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E39D442D-1997-49AF-8B02-5640BE2A26CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC7DB86F-3FAA-43C1-9C44-7CC5FB34419E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A561CF-09BE-4EDB-AAB7-4B057C0B0E44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECF63433-30CC-4E0D-B66A-FD160111763B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F2BFCE3-D743-4AC6-8FEC-75CAF66BFB65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D05530-BFC7-4652-B387-BC931F43AB5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DCDD73B-57B1-4580-B922-5662E3AC13B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B317147-064A-4786-B3D6-CDE1653E067E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2.6.0\", \"matchCriteriaId\": \"9722362B-027B-4311-8F3A-287AE1199019\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.12.0\", \"versionEndIncluding\": \"17.12.11\", \"matchCriteriaId\": \"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.8.0\", \"versionEndIncluding\": \"18.8.12\", \"matchCriteriaId\": \"301E7158-9090-467C-B3B4-30A8DB3B395D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"19.12.0\", \"versionEndIncluding\": \"19.12.11\", \"matchCriteriaId\": \"BBEFACB1-C8EA-492B-8F85-A564DB363C83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.12.0\", \"versionEndIncluding\": \"20.12.7\", \"matchCriteriaId\": \"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.\"}, {\"lang\": \"es\", \"value\": \"Un ataque de contaminaci\\u00f3n de prototipo cuando se utiliza _.zipObjectDeep en lodash versiones anteriores a 4.17.20\"}]",
      "id": "CVE-2020-8203",
      "lastModified": "2024-11-21T05:38:29.790",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-07-15T17:15:11.797",
      "references": "[{\"url\": \"https://github.com/lodash/lodash/issues/4874\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/712065\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200724-0006/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lodash/lodash/issues/4874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/712065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200724-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1321\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8203\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-07-15T17:15:11.797\",\"lastModified\":\"2024-11-21T05:38:29.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.\"},{\"lang\":\"es\",\"value\":\"Un ataque de contaminaci\u00f3n de prototipo cuando se utiliza _.zipObjectDeep en lodash versiones anteriores a 4.17.20\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.17.20\",\"matchCriteriaId\":\"5320B76A-C335-4F3B-A589-73CC64033FFB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF9A061-2421-426D-9854-0A4E55B2961D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B72B735F-4E52-484A-9C2C-23E6E2070385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B36A1D4-F391-4EE3-9A65-0A10568795BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0275F820-40BE-47B8-B167-815A55DF578E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8E145E-1DF0-4B18-B625-F04DF71F6ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EABAFD73-150F-4DFE-B721-29EB4475D979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A45D47B-3401-49CF-92EE-79D007D802A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_liquidity_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33605127-1352-4285-AE96-B51156B70613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_liquidity_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7423C4-7016-429B-997F-61E7AEB8F696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_liquidity_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BC8689-5E87-43FE-ADE8-5907F581B08E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A8420D4-AAF1-44AA-BF28-48EE3ED310B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FB80AC5-35F2-4703-AD93-416B46972EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E14324D-B9EE-4C06-ACC7-255189ED6300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBEBB60F-6EAB-4AE5-B777-5044C657FBA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B185C1EA-71E6-4972-8637-08A33CC00841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1534C11-E3F5-49F3-8F8D-7C5C90951E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1111BCFD-E336-4B31-A87E-76C684AC6DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC7DB86F-3FAA-43C1-9C44-7CC5FB34419E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C416FD3-2E2F-4BBC-BD5F-F896825883F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D886339E-EDB2-4879-BD54-1800E4CA9CAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A561CF-09BE-4EDB-AAB7-4B057C0B0E44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECF63433-30CC-4E0D-B66A-FD160111763B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2BFCE3-D743-4AC6-8FEC-75CAF66BFB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D05530-BFC7-4652-B387-BC931F43AB5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DCDD73B-57B1-4580-B922-5662E3AC13B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B317147-064A-4786-B3D6-CDE1653E067E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.6.0\",\"matchCriteriaId\":\"9722362B-027B-4311-8F3A-287AE1199019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.12\",\"matchCriteriaId\":\"301E7158-9090-467C-B3B4-30A8DB3B395D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.11\",\"matchCriteriaId\":\"BBEFACB1-C8EA-492B-8F85-A564DB363C83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.12.0\",\"versionEndIncluding\":\"20.12.7\",\"matchCriteriaId\":\"E6B70E72-B9FC-4E49-8EDD-29C7E14F5792\"}]}]}],\"references\":[{\"url\":\"https://github.com/lodash/lodash/issues/4874\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/712065\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200724-0006/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lodash/lodash/issues/4874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/712065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200724-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2021:3917

Vulnerability from csaf_redhat - Published: 2021-10-19 12:09 - Updated: 2026-05-14 22:31

Summary

Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update

Severity

Important

Notes

Topic: An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Quay 3.6.0 release Security Fix(es): * nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774) * python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289) * nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516) * nodejs-debug: Regular expression Denial of Service (CVE-2017-16137) * nodejs-mime: Regular expression Denial of Service (CVE-2017-16138) * nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107) * nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492) * nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270) * nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920) * nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237) * urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291) * python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290) * python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291) * python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292) * python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293) * nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515) * python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921) * python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922) * python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923) * python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552) * nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109) * lodash: Prototype pollution in utilities function (CVE-2018-3721) * hoek: Prototype pollution in utilities function (CVE-2018-3728) * lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266) * nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608) * python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2017-16138

The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-1107

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-1109

A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability.

4.0 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

2.9 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3728

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

2.9 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3774

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Important

CVE-2018-16492

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

4.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-21270

A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-20920

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-20922

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

4.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-7608

A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-267 - Privilege Defined With Unsafe Actions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-8203

A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-15366

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-471 - Modification of Assumed-Immutable Data (MAID)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-26237

A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-26291

A flaw was found in urijs. The hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-35653

A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-35654

A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-23364

Regular Expression Denial of Service (ReDoS) vulnerability was found in browserslist library. An attacker can use this vulnerability to parse a query which potentially can lead to service degradation.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-23368

A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-23382

A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-25289

A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Important

CVE-2021-25290

A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25291

A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25292

A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25293

A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27515

An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27516

A flaw was found in nodejs-urijs where URI.js (urijs) mishandles certain uses of the backslash such as http:\/ and interprets the URI as a relative path. The highest threat from this vulnerability is to confidentiality.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-27921

A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-27922

A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27923

A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-34552

A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert()" or "ImagingConvertTransparent()" functions in Convert.c. The highest threat to this vulnerability is to system availability. In Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

References

201 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:3917	self
https://issues.redhat.com/browse/PROJQUAY-1926	external
https://issues.redhat.com/browse/PROJQUAY-1998	external
https://issues.redhat.com/browse/PROJQUAY-2050	external
https://issues.redhat.com/browse/PROJQUAY-2100	external
https://issues.redhat.com/browse/PROJQUAY-2102	external
https://issues.redhat.com/browse/PROJQUAY-672	external
https://bugzilla.redhat.com/show_bug.cgi?id=1901662	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915257	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915420	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915424	external
https://bugzilla.redhat.com/show_bug.cgi?id=1927293	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934470	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934474	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934680	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934685	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934692	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934699	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934705	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935384	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935396	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935401	external
https://bugzilla.redhat.com/show_bug.cgi?id=1940759	external
https://bugzilla.redhat.com/show_bug.cgi?id=1948763	external
https://bugzilla.redhat.com/show_bug.cgi?id=1954150	external
https://bugzilla.redhat.com/show_bug.cgi?id=1955619	external
https://bugzilla.redhat.com/show_bug.cgi?id=1982378	external
https://issues.redhat.com/browse/PROJQUAY-1417	external
https://issues.redhat.com/browse/PROJQUAY-1449	external
https://issues.redhat.com/browse/PROJQUAY-1535	external
https://issues.redhat.com/browse/PROJQUAY-1583	external
https://issues.redhat.com/browse/PROJQUAY-1609	external
https://issues.redhat.com/browse/PROJQUAY-1610	external
https://issues.redhat.com/browse/PROJQUAY-1791	external
https://issues.redhat.com/browse/PROJQUAY-1883	external
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500700	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500705	external
https://bugzilla.redhat.com/show_bug.cgi?id=1545884	external
https://bugzilla.redhat.com/show_bug.cgi?id=1545893	external
https://bugzilla.redhat.com/show_bug.cgi?id=1546357	external
https://bugzilla.redhat.com/show_bug.cgi?id=1547272	external
https://bugzilla.redhat.com/show_bug.cgi?id=1608140	external
https://bugzilla.redhat.com/show_bug.cgi?id=1743096	external
https://bugzilla.redhat.com/show_bug.cgi?id=1840004	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857412	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857977	external
https://bugzilla.redhat.com/show_bug.cgi?id=1882256	external
https://issues.redhat.com/browse/PROJQUAY-1887	external
https://bugzilla.redhat.com/show_bug.cgi?id=1882260	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-16137	self
https://bugzilla.redhat.com/show_bug.cgi?id=1500705	external
https://www.cve.org/CVERecord?id=CVE-2017-16137	external
https://nvd.nist.gov/vuln/detail/CVE-2017-16137	external
https://access.redhat.com/security/cve/CVE-2017-16138	self
https://bugzilla.redhat.com/show_bug.cgi?id=1500700	external
https://www.cve.org/CVERecord?id=CVE-2017-16138	external
https://nvd.nist.gov/vuln/detail/CVE-2017-16138	external
https://nodesecurity.io/advisories/535	external
https://access.redhat.com/security/cve/CVE-2018-1107	self
https://bugzilla.redhat.com/show_bug.cgi?id=1546357	external
https://www.cve.org/CVERecord?id=CVE-2018-1107	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1107	external
https://snyk.io/vuln/npm:is-my-json-valid:20180214	external
https://access.redhat.com/security/cve/CVE-2018-1109	self
https://bugzilla.redhat.com/show_bug.cgi?id=1547272	external
https://www.cve.org/CVERecord?id=CVE-2018-1109	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1109	external
https://snyk.io/vuln/npm:braces:20180219	external
https://access.redhat.com/security/cve/CVE-2018-3721	self
https://bugzilla.redhat.com/show_bug.cgi?id=1545884	external
https://www.cve.org/CVERecord?id=CVE-2018-3721	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3721	external
https://access.redhat.com/security/cve/CVE-2018-3728	self
https://bugzilla.redhat.com/show_bug.cgi?id=1545893	external
https://www.cve.org/CVERecord?id=CVE-2018-3728	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3728	external
https://access.redhat.com/security/cve/CVE-2018-3774	self
https://bugzilla.redhat.com/show_bug.cgi?id=1940759	external
https://www.cve.org/CVERecord?id=CVE-2018-3774	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3774	external
https://access.redhat.com/security/cve/CVE-2018-16492	self
https://bugzilla.redhat.com/show_bug.cgi?id=1608140	external
https://www.cve.org/CVERecord?id=CVE-2018-16492	external
https://nvd.nist.gov/vuln/detail/CVE-2018-16492	external
https://snyk.io/vuln/npm:extend:20180424	external
https://access.redhat.com/security/cve/CVE-2018-21270	self
https://bugzilla.redhat.com/show_bug.cgi?id=1927293	external
https://www.cve.org/CVERecord?id=CVE-2018-21270	external
https://nvd.nist.gov/vuln/detail/CVE-2018-21270	external
https://access.redhat.com/security/cve/CVE-2019-20920	self
https://bugzilla.redhat.com/show_bug.cgi?id=1882260	external
https://www.cve.org/CVERecord?id=CVE-2019-20920	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20920	external
https://www.npmjs.com/advisories/1316	external
https://www.npmjs.com/advisories/1324	external
https://access.redhat.com/security/cve/CVE-2019-20922	self
https://bugzilla.redhat.com/show_bug.cgi?id=1882256	external
https://www.cve.org/CVERecord?id=CVE-2019-20922	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20922	external
https://www.npmjs.com/advisories/1300	external
https://access.redhat.com/security/cve/CVE-2019-1010266	self
https://bugzilla.redhat.com/show_bug.cgi?id=1743096	external
https://www.cve.org/CVERecord?id=CVE-2019-1010266	external
https://nvd.nist.gov/vuln/detail/CVE-2019-1010266	external
https://access.redhat.com/security/cve/CVE-2020-7608	self
https://bugzilla.redhat.com/show_bug.cgi?id=1840004	external
https://www.cve.org/CVERecord?id=CVE-2020-7608	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7608	external
https://access.redhat.com/security/cve/CVE-2020-8203	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857412	external
https://www.cve.org/CVERecord?id=CVE-2020-8203	external
https://nvd.nist.gov/vuln/detail/CVE-2020-8203	external
https://hackerone.com/reports/712065	external
https://www.npmjs.com/advisories/1523	external
https://access.redhat.com/security/cve/CVE-2020-15366	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857977	external
https://www.cve.org/CVERecord?id=CVE-2020-15366	external
https://nvd.nist.gov/vuln/detail/CVE-2020-15366	external
https://snyk.io/vuln/SNYK-JS-AJV-584908	external
https://access.redhat.com/security/cve/CVE-2020-26237	self
https://bugzilla.redhat.com/show_bug.cgi?id=1901662	external
https://www.cve.org/CVERecord?id=CVE-2020-26237	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26237	external
https://github.com/highlightjs/highlight.js/secur…	external
https://access.redhat.com/security/cve/CVE-2020-26291	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915257	external
https://www.cve.org/CVERecord?id=CVE-2020-26291	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26291	external
https://github.com/medialize/URI.js/commit/b02bf0…	external
https://github.com/medialize/URI.js/releases/tag/…	external
https://github.com/medialize/URI.js/security/advi…	external
https://www.npmjs.com/package/urijs	external
https://access.redhat.com/security/cve/CVE-2020-35653	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915420	external
https://www.cve.org/CVERecord?id=CVE-2020-35653	external
https://nvd.nist.gov/vuln/detail/CVE-2020-35653	external
https://pillow.readthedocs.io/en/stable/releaseno…	external
https://access.redhat.com/security/cve/CVE-2020-35654	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915424	external
https://www.cve.org/CVERecord?id=CVE-2020-35654	external
https://nvd.nist.gov/vuln/detail/CVE-2020-35654	external
https://access.redhat.com/security/cve/CVE-2021-23364	self
https://bugzilla.redhat.com/show_bug.cgi?id=1955619	external
https://www.cve.org/CVERecord?id=CVE-2021-23364	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23364	external
https://access.redhat.com/security/cve/CVE-2021-23368	self
https://bugzilla.redhat.com/show_bug.cgi?id=1948763	external
https://www.cve.org/CVERecord?id=CVE-2021-23368	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23368	external
https://access.redhat.com/security/cve/CVE-2021-23382	self
https://bugzilla.redhat.com/show_bug.cgi?id=1954150	external
https://www.cve.org/CVERecord?id=CVE-2021-23382	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23382	external
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640	external
https://access.redhat.com/security/cve/CVE-2021-25289	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934680	external
https://www.cve.org/CVERecord?id=CVE-2021-25289	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25289	external
https://access.redhat.com/security/cve/CVE-2021-25290	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934685	external
https://www.cve.org/CVERecord?id=CVE-2021-25290	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25290	external
https://access.redhat.com/security/cve/CVE-2021-25291	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934692	external
https://www.cve.org/CVERecord?id=CVE-2021-25291	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25291	external
https://access.redhat.com/security/cve/CVE-2021-25292	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934699	external
https://www.cve.org/CVERecord?id=CVE-2021-25292	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25292	external
https://access.redhat.com/security/cve/CVE-2021-25293	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934705	external
https://www.cve.org/CVERecord?id=CVE-2021-25293	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25293	external
https://access.redhat.com/security/cve/CVE-2021-27515	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934474	external
https://www.cve.org/CVERecord?id=CVE-2021-27515	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27515	external
https://access.redhat.com/security/cve/CVE-2021-27516	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934470	external
https://www.cve.org/CVERecord?id=CVE-2021-27516	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27516	external
https://access.redhat.com/security/cve/CVE-2021-27921	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935384	external
https://www.cve.org/CVERecord?id=CVE-2021-27921	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27921	external
https://access.redhat.com/security/cve/CVE-2021-27922	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935396	external
https://www.cve.org/CVERecord?id=CVE-2021-27922	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27922	external
https://access.redhat.com/security/cve/CVE-2021-27923	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935401	external
https://www.cve.org/CVERecord?id=CVE-2021-27923	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27923	external
https://access.redhat.com/security/cve/CVE-2021-34552	self
https://bugzilla.redhat.com/show_bug.cgi?id=1982378	external
https://www.cve.org/CVERecord?id=CVE-2021-34552	external
https://nvd.nist.gov/vuln/detail/CVE-2021-34552	external
https://pillow.readthedocs.io/en/stable/releaseno…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Quay 3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3917",
        "url": "https://access.redhat.com/errata/RHSA-2021:3917"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1926",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1926"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1998",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1998"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2050",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2050"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2100",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2100"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2102",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2102"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-672",
        "url": "https://issues.redhat.com/browse/PROJQUAY-672"
      },
      {
        "category": "external",
        "summary": "1901662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
      },
      {
        "category": "external",
        "summary": "1915257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
      },
      {
        "category": "external",
        "summary": "1915420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
      },
      {
        "category": "external",
        "summary": "1915424",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
      },
      {
        "category": "external",
        "summary": "1927293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
      },
      {
        "category": "external",
        "summary": "1934470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
      },
      {
        "category": "external",
        "summary": "1934474",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
      },
      {
        "category": "external",
        "summary": "1934680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
      },
      {
        "category": "external",
        "summary": "1934685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
      },
      {
        "category": "external",
        "summary": "1934692",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
      },
      {
        "category": "external",
        "summary": "1934699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
      },
      {
        "category": "external",
        "summary": "1934705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
      },
      {
        "category": "external",
        "summary": "1935384",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
      },
      {
        "category": "external",
        "summary": "1935396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
      },
      {
        "category": "external",
        "summary": "1935401",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
      },
      {
        "category": "external",
        "summary": "1940759",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
      },
      {
        "category": "external",
        "summary": "1948763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
      },
      {
        "category": "external",
        "summary": "1954150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
      },
      {
        "category": "external",
        "summary": "1955619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
      },
      {
        "category": "external",
        "summary": "1982378",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1417",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1417"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1449",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1449"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1535",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1535"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1583",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1583"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1609",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1609"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1610",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1610"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1791",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1791"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1883",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1883"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1500700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
      },
      {
        "category": "external",
        "summary": "1500705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
      },
      {
        "category": "external",
        "summary": "1545884",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
      },
      {
        "category": "external",
        "summary": "1545893",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
      },
      {
        "category": "external",
        "summary": "1546357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
      },
      {
        "category": "external",
        "summary": "1547272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
      },
      {
        "category": "external",
        "summary": "1608140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
      },
      {
        "category": "external",
        "summary": "1743096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
      },
      {
        "category": "external",
        "summary": "1840004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
      },
      {
        "category": "external",
        "summary": "1857412",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
      },
      {
        "category": "external",
        "summary": "1857977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
      },
      {
        "category": "external",
        "summary": "1882256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1887",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1887"
      },
      {
        "category": "external",
        "summary": "1882260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3917.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-14T22:31:21+00:00",
      "generator": {
        "date": "2026-05-14T22:31:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2021:3917",
      "initial_release_date": "2021-10-19T12:09:35+00:00",
      "revision_history": [
        {
          "date": "2021-10-19T12:09:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-10-19T12:09:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:31:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Quay v3",
                "product": {
                  "name": "Quay v3",
                  "product_id": "8Base-Quay-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                  "product_id": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.6.0-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                  "product_id": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.6.0-40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                "product": {
                  "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                  "product_id": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.6.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                "product": {
                  "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                  "product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.6.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                "product": {
                  "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                  "product_id": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.6.0-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                  "product_id": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.6.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                  "product_id": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.6.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                "product": {
                  "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                  "product_id": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.6.0-48"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                "product": {
                  "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                  "product_id": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.6.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                "product": {
                  "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                  "product_id": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.6.0-62"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64"
        },
        "product_reference": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64"
        },
        "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64"
        },
        "product_reference": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64"
        },
        "product_reference": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        },
        "product_reference": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        },
        "product_reference": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16137",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1500705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-debug: Regular expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the versions of rh-nodejs4-nodejs-debug, rh-nodejs6-nodejs-debug, and rh-nodejs8-nodejs-debug as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of nodejs-debug as a part of the ovirt-engine-api-explorer package.  This package is removed in Red Hat Virtualization 4.3.\n\nRed Hat Quay includes the debug library as a dependency of karma-webpack. It is only used at build time, and not runtime so its impact is reduce to low in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16137"
        },
        {
          "category": "external",
          "summary": "RHBZ#1500705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137"
        }
      ],
      "release_date": "2017-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-debug: Regular expression Denial of Service"
    },
    {
      "cve": "CVE-2017-16138",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1500700"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-mime: Regular expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Virtualization 4.2 EUS contained a vulnerable version of nodejs-mime in the ovirt-engine-dashboard package. This package has been removed in Red Hat Virtualization 4.2.\n\nRed Hat Quay includes mime as a dependency of Karma. It\u0027s only used at build time, not runtime so this vulnerability has a low impact of Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "RHBZ#1500700",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "https://nodesecurity.io/advisories/535",
          "url": "https://nodesecurity.io/advisories/535"
        }
      ],
      "release_date": "2017-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-mime: Regular expression Denial of Service"
    },
    {
      "cve": "CVE-2018-1107",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2018-02-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1546357"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Quay the is-my-json-valid library is included as a build time dependency of protractor. It\u0027s only used at build time, not at runtime reducing the impact to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "RHBZ#1546357",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:is-my-json-valid:20180214",
          "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"
        }
      ],
      "release_date": "2018-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format"
    },
    {
      "cve": "CVE-2018-1109",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2018-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1547272"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes braces as a dependency of webpack. Braces is only used at build time, not at runtime, reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "RHBZ#1547272",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:braces:20180219",
          "url": "https://snyk.io/vuln/npm:braces:20180219"
        }
      ],
      "release_date": "2018-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js"
    },
    {
      "cve": "CVE-2018-3721",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-02-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1545884"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: Prototype pollution in utilities function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat CloudForms version 4.7 does not ship component lodash, so isn\u0027t affected by this flaw.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of lodash as part of the ovirt-engine-dashboard package. This package has been removed from Red Hat Virtualization 4.3.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3721"
        },
        {
          "category": "external",
          "summary": "RHBZ#1545884",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721"
        }
      ],
      "release_date": "2018-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "lodash: Prototype pollution in utilities function"
    },
    {
      "cve": "CVE-2018-3728",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-02-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1545893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hoek: Prototype pollution in utilities function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes hoek as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3728"
        },
        {
          "category": "external",
          "summary": "RHBZ#1545893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3728"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
        }
      ],
      "release_date": "2018-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hoek: Prototype pollution in utilities function"
    },
    {
      "cve": "CVE-2018-3774",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-08-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1940759"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-url-parse: incorrect hostname in url parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3774"
        },
        {
          "category": "external",
          "summary": "RHBZ#1940759",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3774",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3774"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774"
        }
      ],
      "release_date": "2018-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs-url-parse: incorrect hostname in url parsing"
    },
    {
      "cve": "CVE-2018-16492",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-07-25T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1608140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A prototype pollution vulnerability was found in module extend \u003c2.0.2, ~\u003c3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-extend: Prototype pollution can allow attackers to modify object properties",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes \u0027extend\u0027 as a build time dependency. It\u0027s not used at runtime reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "RHBZ#1608140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:extend:20180424",
          "url": "https://snyk.io/vuln/npm:extend:20180424"
        }
      ],
      "release_date": "2018-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-extend: Prototype pollution can allow attackers to modify object properties"
    },
    {
      "cve": "CVE-2018-21270",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2020-12-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1927293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay include stringstream as a dependency of Karma. Karma is only used at build time, and not at runtime reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-21270"
        },
        {
          "category": "external",
          "summary": "RHBZ#1927293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-21270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-21270"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270"
        }
      ],
      "release_date": "2020-05-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure"
    },
    {
      "cve": "CVE-2019-20920",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1316",
          "url": "https://www.npmjs.com/advisories/1316"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1324",
          "url": "https://www.npmjs.com/advisories/1324"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
    },
    {
      "cve": "CVE-2019-20922",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882256"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882256",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1300",
          "url": "https://www.npmjs.com/advisories/1300"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
    },
    {
      "cve": "CVE-2019-1010266",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-07-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1743096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: uncontrolled resource consumption in Data handler causing denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1010266"
        },
        {
          "category": "external",
          "summary": "RHBZ#1743096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1010266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266"
        }
      ],
      "release_date": "2019-04-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "lodash: uncontrolled resource consumption in Data handler causing denial of service"
    },
    {
      "cve": "CVE-2020-7608",
      "cwe": {
        "id": "CWE-267",
        "name": "Privilege Defined With Unsafe Actions"
      },
      "discovery_date": "2020-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1840004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-yargs-parser: prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7608"
        },
        {
          "category": "external",
          "summary": "RHBZ#1840004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608"
        }
      ],
      "release_date": "2020-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-yargs-parser: prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2020-8203",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857412"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-lodash: prototype pollution in zipObjectDeep function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and Red Hat OpenShift Container Platform (RHOCP), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-lodash library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nRed Hat Virtualization uses vulnerable version of nodejs-lodash, however zipObjectDeep is not used, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857412",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/712065",
          "url": "https://hackerone.com/reports/712065"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1523",
          "url": "https://www.npmjs.com/advisories/1523"
        }
      ],
      "release_date": "2020-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-lodash: prototype pollution in zipObjectDeep function"
    },
    {
      "cve": "CVE-2020-15366",
      "cwe": {
        "id": "CWE-471",
        "name": "Modification of Assumed-Immutable Data (MAID)"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857977"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-ajv library to authenticated users only, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857977",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-AJV-584908",
          "url": "https://snyk.io/vuln/SNYK-JS-AJV-584908"
        }
      ],
      "release_date": "2020-07-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function"
    },
    {
      "cve": "CVE-2020-26237",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-11-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1901662"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object\u0027s prototype during highlighting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-highlight-js: prototype pollution via a crafted HTML code block",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Virtualization, ovirt-engine-api-explorer uses a vulnerable version of highlight.js, however since release 4.4.3 ovirt-engine-api-explorer is obsoleted and no longer used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "RHBZ#1901662",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx",
          "url": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx"
        }
      ],
      "release_date": "2020-11-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-highlight-js: prototype pollution via a crafted HTML code block"
    },
    {
      "cve": "CVE-2020-26291",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915257"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urijs. The hostname can be spoofed by using a backslash (`\\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urijs: Hostname spoofing via backslashes in URL",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915257",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155",
          "url": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/releases/tag/v1.19.4",
          "url": "https://github.com/medialize/URI.js/releases/tag/v1.19.4"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg",
          "url": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/urijs",
          "url": "https://www.npmjs.com/package/urijs"
        }
      ],
      "release_date": "2020-12-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "urijs: Hostname spoofing via backslashes in URL"
    },
    {
      "cve": "CVE-2020-35653",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Buffer over-read in PCX image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
        }
      ],
      "release_date": "2021-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: Buffer over-read in PCX image reader"
    },
    {
      "cve": "CVE-2020-35654",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915424"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915424",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
        }
      ],
      "release_date": "2021-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow"
    },
    {
      "cve": "CVE-2021-23364",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1955619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Regular Expression Denial of Service (ReDoS)  vulnerability was found in browserslist library. An attacker can use this vulnerability to parse a query which potentially can lead to service degradation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of nodejs browserslist library, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. \nThis applies to the following products:\n  - OpenShift Container Platform (OCP)\n  - OpenShift ServiceMesh (OSSM)\n  - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n\nIn Red Had Quay , whilst a vulnerable version of `browserslist` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23364"
        },
        {
          "category": "external",
          "summary": "RHBZ#1955619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364"
        }
      ],
      "release_date": "2021-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)"
    },
    {
      "cve": "CVE-2021-23368",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948763"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-postcss: Regular expression denial of service during source map parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.\n\nIn Red Hat Virtualization a vulnerable version of postcss is used in cockpit-ovirt, ovirt-web-ui and ovirt-engine-ui-extensions. However, it is only used during development and is used to process known CSS content. This flaw has been marked as \"wontfix\" and it may be addressed in future updates.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23368"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948763",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-postcss: Regular expression denial of service during source map parsing"
    },
    {
      "cve": "CVE-2021-23382",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1954150"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "RHBZ#1954150",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
          "url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
        }
      ],
      "release_date": "2021-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js"
    },
    {
      "cve": "CVE-2021-25289",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934680"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25289"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934680",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c"
    },
    {
      "cve": "CVE-2021-25290",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Negative-offset memcpy in TIFF image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25290"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25290"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Negative-offset memcpy in TIFF image reader"
    },
    {
      "cve": "CVE-2021-25291",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934692"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 8 as it does not include the vulnerable code, which was introduced in a newer upstream version than what what shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934692",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c"
    },
    {
      "cve": "CVE-2021-25292",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Regular expression DoS in PDF format parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25292"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Regular expression DoS in PDF format parser"
    },
    {
      "cve": "CVE-2021-25293",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Out-of-bounds read in SGI RLE image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25293"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Out-of-bounds read in SGI RLE image reader"
    },
    {
      "cve": "CVE-2021-27515",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934474"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27515"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934474",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515"
        }
      ],
      "release_date": "2021-02-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise"
    },
    {
      "cve": "CVE-2021-27516",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934470"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-urijs where URI.js (urijs) mishandles certain uses of the backslash such as http:\\/ and interprets the URI as a relative path. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes the urijs dependency in it\u0027s package.lock file but it\u0027s not used anywhere in the code.\n\nRed Hat Advanced Cluster Management for Kubernetes uses Quay as a service, but not code from Quay that exists in RHACM.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27516"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934470",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27516"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516"
        }
      ],
      "release_date": "2021-02-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise"
    },
    {
      "cve": "CVE-2021-27921",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935384"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in BLP image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27921"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935384",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in BLP image reader"
    },
    {
      "cve": "CVE-2021-27922",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935396"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in ICNS image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935396",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in ICNS image reader"
    },
    {
      "cve": "CVE-2021-27923",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in ICO image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27923"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in ICO image reader"
    },
    {
      "cve": "CVE-2021-34552",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2021-07-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1982378"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the \"convert()\" or \"ImagingConvertTransparent()\" functions in Convert.c. The highest threat to this vulnerability is to system availability.\r\n\r\nIn Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Buffer overflow in image convert function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Due to the compiler options used, the buffer overflow is detected and the impact is lowered to a crash only. Additionally, the \"mode\" parameter has to be attacker controlled, which is considered a rare case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "RHBZ#1982378",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow"
        }
      ],
      "release_date": "2021-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.\n\nRed Hat Satellite 6.9 customers can apply following hotfix to eliminate the vulnerability warnings.\n* Download python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm from https://bugzilla.redhat.com/attachment.cgi?id=1819471\n* Stop services:\n# satellite-maintain service stop\n* Upgrade python2-daemon and remove affected package\n# rpm -Uvh python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm\n# yum remove python-pillow\n* Restart services:\n# satellite-maintain service start\n\nSatellite 6.10 future release is also fixing this.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Buffer overflow in image convert function"
    }
  ]
}

RHSA-2021_3917

Vulnerability from csaf_redhat - Published: 2021-10-19 12:09 - Updated: 2024-11-24 20:23

Summary

Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update

Severity

Important

Notes

CVE-2017-16137

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2017-16138

The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-1107

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-1109

4.0 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3721

2.9 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3728

2.9 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-3774

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Important

CVE-2018-16492

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

4.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2018-21270

A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-20920

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-20922

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2019-1010266

4.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-7608

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-267 - Privilege Defined With Unsafe Actions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-8203

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-15366

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-471 - Modification of Assumed-Immutable Data (MAID)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-26237

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-26291

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2020-35653

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2020-35654

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-23364

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-23368

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-23382

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-25289

A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Important

CVE-2021-25290

A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25291

A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25292

A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-25293

A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27515

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27516

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Low

CVE-2021-27921

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-27922

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix

Known not affected 9 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64		—
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64		—

Threats

Impact Moderate

CVE-2021-27923

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

CVE-2021-34552

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64		—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64	—	Workaround
Unresolved product id: 8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64	—	Workaround

Threats

Impact Moderate

References

201 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:3917	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500700	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500705	external
https://bugzilla.redhat.com/show_bug.cgi?id=1545884	external
https://bugzilla.redhat.com/show_bug.cgi?id=1545893	external
https://bugzilla.redhat.com/show_bug.cgi?id=1546357	external
https://bugzilla.redhat.com/show_bug.cgi?id=1547272	external
https://bugzilla.redhat.com/show_bug.cgi?id=1608140	external
https://bugzilla.redhat.com/show_bug.cgi?id=1743096	external
https://bugzilla.redhat.com/show_bug.cgi?id=1840004	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857412	external
https://bugzilla.redhat.com/show_bug.cgi?id=1857977	external
https://bugzilla.redhat.com/show_bug.cgi?id=1882256	external
https://bugzilla.redhat.com/show_bug.cgi?id=1882260	external
https://bugzilla.redhat.com/show_bug.cgi?id=1901662	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915257	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915420	external
https://bugzilla.redhat.com/show_bug.cgi?id=1915424	external
https://bugzilla.redhat.com/show_bug.cgi?id=1927293	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934470	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934474	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934680	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934685	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934692	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934699	external
https://bugzilla.redhat.com/show_bug.cgi?id=1934705	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935384	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935396	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935401	external
https://bugzilla.redhat.com/show_bug.cgi?id=1940759	external
https://bugzilla.redhat.com/show_bug.cgi?id=1948763	external
https://bugzilla.redhat.com/show_bug.cgi?id=1954150	external
https://bugzilla.redhat.com/show_bug.cgi?id=1955619	external
https://bugzilla.redhat.com/show_bug.cgi?id=1982378	external
https://issues.redhat.com/browse/PROJQUAY-1417	external
https://issues.redhat.com/browse/PROJQUAY-1449	external
https://issues.redhat.com/browse/PROJQUAY-1535	external
https://issues.redhat.com/browse/PROJQUAY-1583	external
https://issues.redhat.com/browse/PROJQUAY-1609	external
https://issues.redhat.com/browse/PROJQUAY-1610	external
https://issues.redhat.com/browse/PROJQUAY-1791	external
https://issues.redhat.com/browse/PROJQUAY-1883	external
https://issues.redhat.com/browse/PROJQUAY-1887	external
https://issues.redhat.com/browse/PROJQUAY-1926	external
https://issues.redhat.com/browse/PROJQUAY-1998	external
https://issues.redhat.com/browse/PROJQUAY-2050	external
https://issues.redhat.com/browse/PROJQUAY-2100	external
https://issues.redhat.com/browse/PROJQUAY-2102	external
https://issues.redhat.com/browse/PROJQUAY-672	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-16137	self
https://bugzilla.redhat.com/show_bug.cgi?id=1500705	external
https://www.cve.org/CVERecord?id=CVE-2017-16137	external
https://nvd.nist.gov/vuln/detail/CVE-2017-16137	external
https://access.redhat.com/security/cve/CVE-2017-16138	self
https://bugzilla.redhat.com/show_bug.cgi?id=1500700	external
https://www.cve.org/CVERecord?id=CVE-2017-16138	external
https://nvd.nist.gov/vuln/detail/CVE-2017-16138	external
https://nodesecurity.io/advisories/535	external
https://access.redhat.com/security/cve/CVE-2018-1107	self
https://bugzilla.redhat.com/show_bug.cgi?id=1546357	external
https://www.cve.org/CVERecord?id=CVE-2018-1107	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1107	external
https://snyk.io/vuln/npm:is-my-json-valid:20180214	external
https://access.redhat.com/security/cve/CVE-2018-1109	self
https://bugzilla.redhat.com/show_bug.cgi?id=1547272	external
https://www.cve.org/CVERecord?id=CVE-2018-1109	external
https://nvd.nist.gov/vuln/detail/CVE-2018-1109	external
https://snyk.io/vuln/npm:braces:20180219	external
https://access.redhat.com/security/cve/CVE-2018-3721	self
https://bugzilla.redhat.com/show_bug.cgi?id=1545884	external
https://www.cve.org/CVERecord?id=CVE-2018-3721	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3721	external
https://access.redhat.com/security/cve/CVE-2018-3728	self
https://bugzilla.redhat.com/show_bug.cgi?id=1545893	external
https://www.cve.org/CVERecord?id=CVE-2018-3728	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3728	external
https://access.redhat.com/security/cve/CVE-2018-3774	self
https://bugzilla.redhat.com/show_bug.cgi?id=1940759	external
https://www.cve.org/CVERecord?id=CVE-2018-3774	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3774	external
https://access.redhat.com/security/cve/CVE-2018-16492	self
https://bugzilla.redhat.com/show_bug.cgi?id=1608140	external
https://www.cve.org/CVERecord?id=CVE-2018-16492	external
https://nvd.nist.gov/vuln/detail/CVE-2018-16492	external
https://snyk.io/vuln/npm:extend:20180424	external
https://access.redhat.com/security/cve/CVE-2018-21270	self
https://bugzilla.redhat.com/show_bug.cgi?id=1927293	external
https://www.cve.org/CVERecord?id=CVE-2018-21270	external
https://nvd.nist.gov/vuln/detail/CVE-2018-21270	external
https://access.redhat.com/security/cve/CVE-2019-20920	self
https://bugzilla.redhat.com/show_bug.cgi?id=1882260	external
https://www.cve.org/CVERecord?id=CVE-2019-20920	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20920	external
https://www.npmjs.com/advisories/1316	external
https://www.npmjs.com/advisories/1324	external
https://access.redhat.com/security/cve/CVE-2019-20922	self
https://bugzilla.redhat.com/show_bug.cgi?id=1882256	external
https://www.cve.org/CVERecord?id=CVE-2019-20922	external
https://nvd.nist.gov/vuln/detail/CVE-2019-20922	external
https://www.npmjs.com/advisories/1300	external
https://access.redhat.com/security/cve/CVE-2019-1010266	self
https://bugzilla.redhat.com/show_bug.cgi?id=1743096	external
https://www.cve.org/CVERecord?id=CVE-2019-1010266	external
https://nvd.nist.gov/vuln/detail/CVE-2019-1010266	external
https://access.redhat.com/security/cve/CVE-2020-7608	self
https://bugzilla.redhat.com/show_bug.cgi?id=1840004	external
https://www.cve.org/CVERecord?id=CVE-2020-7608	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7608	external
https://access.redhat.com/security/cve/CVE-2020-8203	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857412	external
https://www.cve.org/CVERecord?id=CVE-2020-8203	external
https://nvd.nist.gov/vuln/detail/CVE-2020-8203	external
https://hackerone.com/reports/712065	external
https://www.npmjs.com/advisories/1523	external
https://access.redhat.com/security/cve/CVE-2020-15366	self
https://bugzilla.redhat.com/show_bug.cgi?id=1857977	external
https://www.cve.org/CVERecord?id=CVE-2020-15366	external
https://nvd.nist.gov/vuln/detail/CVE-2020-15366	external
https://snyk.io/vuln/SNYK-JS-AJV-584908	external
https://access.redhat.com/security/cve/CVE-2020-26237	self
https://bugzilla.redhat.com/show_bug.cgi?id=1901662	external
https://www.cve.org/CVERecord?id=CVE-2020-26237	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26237	external
https://github.com/highlightjs/highlight.js/secur…	external
https://access.redhat.com/security/cve/CVE-2020-26291	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915257	external
https://www.cve.org/CVERecord?id=CVE-2020-26291	external
https://nvd.nist.gov/vuln/detail/CVE-2020-26291	external
https://github.com/medialize/URI.js/commit/b02bf0…	external
https://github.com/medialize/URI.js/releases/tag/…	external
https://github.com/medialize/URI.js/security/advi…	external
https://www.npmjs.com/package/urijs	external
https://access.redhat.com/security/cve/CVE-2020-35653	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915420	external
https://www.cve.org/CVERecord?id=CVE-2020-35653	external
https://nvd.nist.gov/vuln/detail/CVE-2020-35653	external
https://pillow.readthedocs.io/en/stable/releaseno…	external
https://access.redhat.com/security/cve/CVE-2020-35654	self
https://bugzilla.redhat.com/show_bug.cgi?id=1915424	external
https://www.cve.org/CVERecord?id=CVE-2020-35654	external
https://nvd.nist.gov/vuln/detail/CVE-2020-35654	external
https://access.redhat.com/security/cve/CVE-2021-23364	self
https://bugzilla.redhat.com/show_bug.cgi?id=1955619	external
https://www.cve.org/CVERecord?id=CVE-2021-23364	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23364	external
https://access.redhat.com/security/cve/CVE-2021-23368	self
https://bugzilla.redhat.com/show_bug.cgi?id=1948763	external
https://www.cve.org/CVERecord?id=CVE-2021-23368	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23368	external
https://access.redhat.com/security/cve/CVE-2021-23382	self
https://bugzilla.redhat.com/show_bug.cgi?id=1954150	external
https://www.cve.org/CVERecord?id=CVE-2021-23382	external
https://nvd.nist.gov/vuln/detail/CVE-2021-23382	external
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640	external
https://access.redhat.com/security/cve/CVE-2021-25289	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934680	external
https://www.cve.org/CVERecord?id=CVE-2021-25289	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25289	external
https://access.redhat.com/security/cve/CVE-2021-25290	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934685	external
https://www.cve.org/CVERecord?id=CVE-2021-25290	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25290	external
https://access.redhat.com/security/cve/CVE-2021-25291	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934692	external
https://www.cve.org/CVERecord?id=CVE-2021-25291	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25291	external
https://access.redhat.com/security/cve/CVE-2021-25292	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934699	external
https://www.cve.org/CVERecord?id=CVE-2021-25292	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25292	external
https://access.redhat.com/security/cve/CVE-2021-25293	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934705	external
https://www.cve.org/CVERecord?id=CVE-2021-25293	external
https://nvd.nist.gov/vuln/detail/CVE-2021-25293	external
https://access.redhat.com/security/cve/CVE-2021-27515	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934474	external
https://www.cve.org/CVERecord?id=CVE-2021-27515	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27515	external
https://access.redhat.com/security/cve/CVE-2021-27516	self
https://bugzilla.redhat.com/show_bug.cgi?id=1934470	external
https://www.cve.org/CVERecord?id=CVE-2021-27516	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27516	external
https://access.redhat.com/security/cve/CVE-2021-27921	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935384	external
https://www.cve.org/CVERecord?id=CVE-2021-27921	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27921	external
https://access.redhat.com/security/cve/CVE-2021-27922	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935396	external
https://www.cve.org/CVERecord?id=CVE-2021-27922	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27922	external
https://access.redhat.com/security/cve/CVE-2021-27923	self
https://bugzilla.redhat.com/show_bug.cgi?id=1935401	external
https://www.cve.org/CVERecord?id=CVE-2021-27923	external
https://nvd.nist.gov/vuln/detail/CVE-2021-27923	external
https://access.redhat.com/security/cve/CVE-2021-34552	self
https://bugzilla.redhat.com/show_bug.cgi?id=1982378	external
https://www.cve.org/CVERecord?id=CVE-2021-34552	external
https://nvd.nist.gov/vuln/detail/CVE-2021-34552	external
https://pillow.readthedocs.io/en/stable/releaseno…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Quay 3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:3917",
        "url": "https://access.redhat.com/errata/RHSA-2021:3917"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1500700",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
      },
      {
        "category": "external",
        "summary": "1500705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
      },
      {
        "category": "external",
        "summary": "1545884",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
      },
      {
        "category": "external",
        "summary": "1545893",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
      },
      {
        "category": "external",
        "summary": "1546357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
      },
      {
        "category": "external",
        "summary": "1547272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
      },
      {
        "category": "external",
        "summary": "1608140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
      },
      {
        "category": "external",
        "summary": "1743096",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
      },
      {
        "category": "external",
        "summary": "1840004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
      },
      {
        "category": "external",
        "summary": "1857412",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
      },
      {
        "category": "external",
        "summary": "1857977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
      },
      {
        "category": "external",
        "summary": "1882256",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
      },
      {
        "category": "external",
        "summary": "1882260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
      },
      {
        "category": "external",
        "summary": "1901662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
      },
      {
        "category": "external",
        "summary": "1915257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
      },
      {
        "category": "external",
        "summary": "1915420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
      },
      {
        "category": "external",
        "summary": "1915424",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
      },
      {
        "category": "external",
        "summary": "1927293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
      },
      {
        "category": "external",
        "summary": "1934470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
      },
      {
        "category": "external",
        "summary": "1934474",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
      },
      {
        "category": "external",
        "summary": "1934680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
      },
      {
        "category": "external",
        "summary": "1934685",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
      },
      {
        "category": "external",
        "summary": "1934692",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
      },
      {
        "category": "external",
        "summary": "1934699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
      },
      {
        "category": "external",
        "summary": "1934705",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
      },
      {
        "category": "external",
        "summary": "1935384",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
      },
      {
        "category": "external",
        "summary": "1935396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
      },
      {
        "category": "external",
        "summary": "1935401",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
      },
      {
        "category": "external",
        "summary": "1940759",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
      },
      {
        "category": "external",
        "summary": "1948763",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
      },
      {
        "category": "external",
        "summary": "1954150",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
      },
      {
        "category": "external",
        "summary": "1955619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
      },
      {
        "category": "external",
        "summary": "1982378",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1417",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1417"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1449",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1449"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1535",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1535"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1583",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1583"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1609",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1609"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1610",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1610"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1791",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1791"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1883",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1883"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1887",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1887"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1926",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1926"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-1998",
        "url": "https://issues.redhat.com/browse/PROJQUAY-1998"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2050",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2050"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2100",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2100"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-2102",
        "url": "https://issues.redhat.com/browse/PROJQUAY-2102"
      },
      {
        "category": "external",
        "summary": "PROJQUAY-672",
        "url": "https://issues.redhat.com/browse/PROJQUAY-672"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3917.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-24T20:23:31+00:00",
      "generator": {
        "date": "2024-11-24T20:23:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:3917",
      "initial_release_date": "2021-10-19T12:09:35+00:00",
      "revision_history": [
        {
          "date": "2021-10-19T12:09:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-10-19T12:09:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T20:23:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Quay v3",
                "product": {
                  "name": "Quay v3",
                  "product_id": "8Base-Quay-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                  "product_id": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.6.0-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                "product": {
                  "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                  "product_id": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.6.0-40"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                "product": {
                  "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                  "product_id": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.6.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                "product": {
                  "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                  "product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.6.0-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                "product": {
                  "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                  "product_id": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.6.0-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                  "product_id": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.6.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                "product": {
                  "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                  "product_id": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.6.0-44"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                "product": {
                  "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                  "product_id": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.6.0-48"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                "product": {
                  "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                  "product_id": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.6.0-43"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                "product": {
                  "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                  "product_id": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.6.0-62"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64"
        },
        "product_reference": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64"
        },
        "product_reference": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64"
        },
        "product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64"
        },
        "product_reference": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64"
        },
        "product_reference": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64"
        },
        "product_reference": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        },
        "product_reference": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64 as a component of Quay v3",
          "product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        },
        "product_reference": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
        "relates_to_product_reference": "8Base-Quay-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16137",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1500705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-debug: Regular expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the versions of rh-nodejs4-nodejs-debug, rh-nodejs6-nodejs-debug, and rh-nodejs8-nodejs-debug as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of nodejs-debug as a part of the ovirt-engine-api-explorer package.  This package is removed in Red Hat Virtualization 4.3.\n\nRed Hat Quay includes the debug library as a dependency of karma-webpack. It is only used at build time, and not runtime so its impact is reduce to low in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16137"
        },
        {
          "category": "external",
          "summary": "RHBZ#1500705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137"
        }
      ],
      "release_date": "2017-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-debug: Regular expression Denial of Service"
    },
    {
      "cve": "CVE-2017-16138",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2017-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1500700"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-mime: Regular expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Virtualization 4.2 EUS contained a vulnerable version of nodejs-mime in the ovirt-engine-dashboard package. This package has been removed in Red Hat Virtualization 4.2.\n\nRed Hat Quay includes mime as a dependency of Karma. It\u0027s only used at build time, not runtime so this vulnerability has a low impact of Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "RHBZ#1500700",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138"
        },
        {
          "category": "external",
          "summary": "https://nodesecurity.io/advisories/535",
          "url": "https://nodesecurity.io/advisories/535"
        }
      ],
      "release_date": "2017-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-mime: Regular expression Denial of Service"
    },
    {
      "cve": "CVE-2018-1107",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2018-02-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1546357"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Quay the is-my-json-valid library is included as a build time dependency of protractor. It\u0027s only used at build time, not at runtime reducing the impact to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "RHBZ#1546357",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:is-my-json-valid:20180214",
          "url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"
        }
      ],
      "release_date": "2018-02-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format"
    },
    {
      "cve": "CVE-2018-1109",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2018-02-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1547272"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes braces as a dependency of webpack. Braces is only used at build time, not at runtime, reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "RHBZ#1547272",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:braces:20180219",
          "url": "https://snyk.io/vuln/npm:braces:20180219"
        }
      ],
      "release_date": "2018-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js"
    },
    {
      "cve": "CVE-2018-3721",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-02-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1545884"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: Prototype pollution in utilities function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat CloudForms version 4.7 does not ship component lodash, so isn\u0027t affected by this flaw.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of lodash as part of the ovirt-engine-dashboard package. This package has been removed from Red Hat Virtualization 4.3.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3721"
        },
        {
          "category": "external",
          "summary": "RHBZ#1545884",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721"
        }
      ],
      "release_date": "2018-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "lodash: Prototype pollution in utilities function"
    },
    {
      "cve": "CVE-2018-3728",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-02-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1545893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hoek: Prototype pollution in utilities function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes hoek as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3728"
        },
        {
          "category": "external",
          "summary": "RHBZ#1545893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3728"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
        }
      ],
      "release_date": "2018-02-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "hoek: Prototype pollution in utilities function"
    },
    {
      "cve": "CVE-2018-3774",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-08-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1940759"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-url-parse: incorrect hostname in url parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3774"
        },
        {
          "category": "external",
          "summary": "RHBZ#1940759",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3774",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3774"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774"
        }
      ],
      "release_date": "2018-07-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs-url-parse: incorrect hostname in url parsing"
    },
    {
      "cve": "CVE-2018-16492",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2018-07-25T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1608140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A prototype pollution vulnerability was found in module extend \u003c2.0.2, ~\u003c3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-extend: Prototype pollution can allow attackers to modify object properties",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes \u0027extend\u0027 as a build time dependency. It\u0027s not used at runtime reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "RHBZ#1608140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-16492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/npm:extend:20180424",
          "url": "https://snyk.io/vuln/npm:extend:20180424"
        }
      ],
      "release_date": "2018-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-extend: Prototype pollution can allow attackers to modify object properties"
    },
    {
      "cve": "CVE-2018-21270",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1927293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay include stringstream as a dependency of Karma. Karma is only used at build time, and not at runtime reducing the impact of this vulnerability to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-21270"
        },
        {
          "category": "external",
          "summary": "RHBZ#1927293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-21270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-21270"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270"
        }
      ],
      "release_date": "2020-05-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure"
    },
    {
      "cve": "CVE-2019-20920",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1316",
          "url": "https://www.npmjs.com/advisories/1316"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1324",
          "url": "https://www.npmjs.com/advisories/1324"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
    },
    {
      "cve": "CVE-2019-20922",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-09-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1882256"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1882256",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1300",
          "url": "https://www.npmjs.com/advisories/1300"
        }
      ],
      "release_date": "2019-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
    },
    {
      "cve": "CVE-2019-1010266",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2019-07-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1743096"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: uncontrolled resource consumption in Data handler causing denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1010266"
        },
        {
          "category": "external",
          "summary": "RHBZ#1743096",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1010266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266"
        }
      ],
      "release_date": "2019-04-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "lodash: uncontrolled resource consumption in Data handler causing denial of service"
    },
    {
      "cve": "CVE-2020-7608",
      "cwe": {
        "id": "CWE-267",
        "name": "Privilege Defined With Unsafe Actions"
      },
      "discovery_date": "2020-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1840004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-yargs-parser: prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7608"
        },
        {
          "category": "external",
          "summary": "RHBZ#1840004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608"
        }
      ],
      "release_date": "2020-03-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-yargs-parser: prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2020-8203",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857412"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-lodash: prototype pollution in zipObjectDeep function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and Red Hat OpenShift Container Platform (RHOCP), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-lodash library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nRed Hat Virtualization uses vulnerable version of nodejs-lodash, however zipObjectDeep is not used, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857412",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8203",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/712065",
          "url": "https://hackerone.com/reports/712065"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1523",
          "url": "https://www.npmjs.com/advisories/1523"
        }
      ],
      "release_date": "2020-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-lodash: prototype pollution in zipObjectDeep function"
    },
    {
      "cve": "CVE-2020-15366",
      "cwe": {
        "id": "CWE-471",
        "name": "Modification of Assumed-Immutable Data (MAID)"
      },
      "discovery_date": "2020-07-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1857977"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-ajv library to authenticated users only, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "RHBZ#1857977",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-AJV-584908",
          "url": "https://snyk.io/vuln/SNYK-JS-AJV-584908"
        }
      ],
      "release_date": "2020-07-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function"
    },
    {
      "cve": "CVE-2020-26237",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-11-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1901662"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object\u0027s prototype during highlighting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-highlight-js: prototype pollution via a crafted HTML code block",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Virtualization, ovirt-engine-api-explorer uses a vulnerable version of highlight.js, however since release 4.4.3 ovirt-engine-api-explorer is obsoleted and no longer used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "RHBZ#1901662",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237"
        },
        {
          "category": "external",
          "summary": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx",
          "url": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx"
        }
      ],
      "release_date": "2020-11-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-highlight-js: prototype pollution via a crafted HTML code block"
    },
    {
      "cve": "CVE-2020-26291",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915257"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urijs. The hostname can be spoofed by using a backslash (`\\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urijs: Hostname spoofing via backslashes in URL",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915257",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155",
          "url": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/releases/tag/v1.19.4",
          "url": "https://github.com/medialize/URI.js/releases/tag/v1.19.4"
        },
        {
          "category": "external",
          "summary": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg",
          "url": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/urijs",
          "url": "https://www.npmjs.com/package/urijs"
        }
      ],
      "release_date": "2020-12-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "urijs: Hostname spoofing via backslashes in URL"
    },
    {
      "cve": "CVE-2020-35653",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Buffer over-read in PCX image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35653",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
        }
      ],
      "release_date": "2021-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python-pillow: Buffer over-read in PCX image reader"
    },
    {
      "cve": "CVE-2020-35654",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2021-01-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1915424"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "RHBZ#1915424",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35654",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
        }
      ],
      "release_date": "2021-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow"
    },
    {
      "cve": "CVE-2021-23364",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1955619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Regular Expression Denial of Service (ReDoS)  vulnerability was found in browserslist library. An attacker can use this vulnerability to parse a query which potentially can lead to service degradation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of nodejs browserslist library, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. \nThis applies to the following products:\n  - OpenShift Container Platform (OCP)\n  - OpenShift ServiceMesh (OSSM)\n  - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n\nIn Red Had Quay , whilst a vulnerable version of `browserslist` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23364"
        },
        {
          "category": "external",
          "summary": "RHBZ#1955619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364"
        }
      ],
      "release_date": "2021-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)"
    },
    {
      "cve": "CVE-2021-23368",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1948763"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-postcss: Regular expression denial of service during source map parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.\n\nIn Red Hat Virtualization a vulnerable version of postcss is used in cockpit-ovirt, ovirt-web-ui and ovirt-engine-ui-extensions. However, it is only used during development and is used to process known CSS content. This flaw has been marked as \"wontfix\" and it may be addressed in future updates.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23368"
        },
        {
          "category": "external",
          "summary": "RHBZ#1948763",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368"
        }
      ],
      "release_date": "2021-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-postcss: Regular expression denial of service during source map parsing"
    },
    {
      "cve": "CVE-2021-23382",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1954150"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "RHBZ#1954150",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
          "url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
        }
      ],
      "release_date": "2021-04-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js"
    },
    {
      "cve": "CVE-2021-25289",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934680"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25289"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934680",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25289",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c"
    },
    {
      "cve": "CVE-2021-25290",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934685"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Negative-offset memcpy in TIFF image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25290"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25290",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25290"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Negative-offset memcpy in TIFF image reader"
    },
    {
      "cve": "CVE-2021-25291",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934692"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 8 as it does not include the vulnerable code, which was introduced in a newer upstream version than what what shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934692",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c"
    },
    {
      "cve": "CVE-2021-25292",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Regular expression DoS in PDF format parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25292"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Regular expression DoS in PDF format parser"
    },
    {
      "cve": "CVE-2021-25293",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2021-03-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934705"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Out-of-bounds read in SGI RLE image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-25293"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934705",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-25293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293"
        }
      ],
      "release_date": "2021-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Out-of-bounds read in SGI RLE image reader"
    },
    {
      "cve": "CVE-2021-27515",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934474"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27515"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934474",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515"
        }
      ],
      "release_date": "2021-02-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise"
    },
    {
      "cve": "CVE-2021-27516",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1934470"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-urijs where URI.js (urijs) mishandles certain uses of the backslash such as http:\\/ and interprets the URI as a relative path. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay includes the urijs dependency in it\u0027s package.lock file but it\u0027s not used anywhere in the code.\n\nRed Hat Advanced Cluster Management for Kubernetes uses Quay as a service, but not code from Quay that exists in RHACM.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27516"
        },
        {
          "category": "external",
          "summary": "RHBZ#1934470",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27516",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27516"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516"
        }
      ],
      "release_date": "2021-02-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise"
    },
    {
      "cve": "CVE-2021-27921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935384"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in BLP image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27921"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935384",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in BLP image reader"
    },
    {
      "cve": "CVE-2021-27922",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935396"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in ICNS image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935396",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in ICNS image reader"
    },
    {
      "cve": "CVE-2021-27923",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-03-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1935401"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Excessive memory allocation in ICO image reader",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27923"
        },
        {
          "category": "external",
          "summary": "RHBZ#1935401",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923"
        }
      ],
      "release_date": "2021-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Excessive memory allocation in ICO image reader"
    },
    {
      "cve": "CVE-2021-34552",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2021-07-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1982378"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the \"convert()\" or \"ImagingConvertTransparent()\" functions in Convert.c. The highest threat to this vulnerability is to system availability.\r\n\r\nIn Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-pillow: Buffer overflow in image convert function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Due to the compiler options used, the buffer overflow is detected and the impact is lowered to a crash only. Additionally, the \"mode\" parameter has to be attacker controlled, which is considered a rare case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
        ],
        "known_not_affected": [
          "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
          "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
          "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
          "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
          "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
          "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
          "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "RHBZ#1982378",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow"
        }
      ],
      "release_date": "2021-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-10-19T12:09:35+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:3917"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.\n\nRed Hat Satellite 6.9 customers can apply following hotfix to eliminate the vulnerability warnings.\n* Download python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm from https://bugzilla.redhat.com/attachment.cgi?id=1819471\n* Stop services:\n# satellite-maintain service stop\n* Upgrade python2-daemon and remove affected package\n# rpm -Uvh python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm\n# yum remove python-pillow\n* Restart services:\n# satellite-maintain service start\n\nSatellite 6.10 future release is also fixing this.",
          "product_ids": [
            "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
            "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
            "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
            "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
            "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
            "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
            "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-pillow: Buffer overflow in image convert function"
    }
  ]
}

VAR-202007-1448

Vulnerability from variot - Updated: 2024-01-21 21:15

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. lodash Is vulnerable to resource allocation without restrictions or throttling.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash 4.17.15 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code on the system via the 'merge', 'mergeWith' and 'defaultsDeep' functions. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Bug Fix(es):

Previously, upgrade from Red Had Virtualization (RHV) 4.4.1 to RHV 4.4.2 failed due to dangling symlinks from the iSCSI Storage Domain that weren't cleaned up. In this release, the upgrade succeeds. (BZ#1895356)
Previously, when migrating a Windows virtual machine from a VMware environment to Red Hat Virtualization 4.4.3, the migration failed due to a file permission error. In this release, the migration succeeds. (BZ#1901423)
Bugs fixed (https://bugzilla.redhat.com/):

1835685 - [Hosted-Engine]"Installation Guide" and "RHV Documents" didn't jump to the correct pages in hosted engine page. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1895356 - Upgrade to 4.4.2 will fail due to dangling symlinks 1895762 - cockpit ovirt(downstream) docs links point to upstream docs. 1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c 1898023 - Rebase RHV-H 4.4.3 on RHEL 8.3.0.1 1898024 - Rebase RHV-H 4.4.3 on RHGS-3.5.z Batch #3 1901423 - [v2v] leaking USER and HOME environment from root causes virt-v2v error: failure: Unexpected file type which prevents VM migration 1902301 - Upgrade cockpit-ovirt to 0.14.14

Solution:

For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html.

Bug Fix(es):

send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514)
Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016)
If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. (BZ#1760170)
Search backend cannot find VMs which name starts with a search keyword (BZ#1797717)
[Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320)
enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466)
NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316)
Adding quota to group doesn't propagate to users (BZ#1822372)
Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691)
Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397)
RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase (BZ#1854888)
Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305)
rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)
RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862)
Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133)
HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)
[CNV&RHV]Notification about VM creation contain string (BZ#1873136)
VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632)
Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280)
unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634)
[CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844)
Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)
[CNV&RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)
Require ansible-2.9.14 in ovirt-engine (BZ#1888626)

Enhancement(s):

[RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)
[RFE] - enable renaming HostedEngine VM name (BZ#1657294)
[RFE] Enabling Icelake new NIs - RHV (BZ#1745024)
[RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751)
[RFE] RHV-M Deployment/Install Needs it's own UUID (BZ#1825020)
[RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865)
[RFE] Expose the "reinstallation required" flag of the hosts in the API (BZ#1856671)
Bugs fixed (https://bugzilla.redhat.com/):

1613514 - send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 1657294 - [RFE] - enable renaming HostedEngine VM name 1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password 1702016 - Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation 1752751 - [RFE] Show vCPUs and allocated memory in virtual machines summary 1760170 - If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. 1797717 - Search backend cannot find VMs which name starts with a search keyword 1808320 - [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation 1811466 - enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times 1812316 - NumaPinningHelper is not huge pages aware, denies migration to suitable host 1822372 - Adding quota to group doesn't propagate to users 1825020 - [RFE] RHV-M Deployment/Install Needs it's own UUID 1828241 - Deleting snapshot do not display a lock for it's disks under "Disk Snapshots" tab. 1829691 - Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template 1842344 - Status loop due to host initialization not checking network status, monitoring finding the network issue and auto-recovery. 1845432 - [CNV&RHV] Communicatoin with CNV cluster spamming engine.log when token is expired 1851865 - [RFE] Destination Host in migrate VM dialog has to be searchable and sortable 1854888 - RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase 1855305 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address 1856671 - [RFE] Expose the "reinstallation required" flag of the hosts in the API 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1859314 - rhv-log-collector-analyzer --json fails with TypeError 1862101 - rhv-image-discrepancies does show size of the images on the storage as size of the image in db and vice versa 1866981 - obj must be encoded before hashing 1870133 - Issue with dashboards creation when sending metrics to external Elasticsearch 1871694 - HostedEngine VM is broken after Cluster changed to UEFI 1872911 - RHV Administration Portal fails with 404 error even after updating to RHV 4.3.9 1873136 - [CNV&RHV]Notification about VM creation contain string 1876923 - PostgreSQL 12 in RHV 4.4 - engine-setup menu ref URL needs updating 1877632 - VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart 1877679 - Synchronize advanced virtualization module with RHEL version during host upgrade 1879199 - ovirt-engine-extension-aaa-ldap-setup fails on cert import 1879280 - Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation 1879377 - [DWH] Rebase bug - for the 4.4.3 release 1881634 - unable to create/add index pattern in step 5 from kcs articles#4921101 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1883844 - [CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs 1884146 - Deprecate and remove ovirt-engine-api-explorer 1884634 - [CNV&RHV] Disable creating new disks for Kubevirt VM 1885976 - rhv-log-collector-analyzer - argument must be str, not bytes 1887268 - Cannot perform yum update on my RHV manager (ansible conflict) 1888626 - Require ansible-2.9.14 in ovirt-engine 1889522 - metrics playbooks are broken due to typo

Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 ==================================================================== 1. Summary:

An update is now available for Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

Description:

The org.ovirt.engine-root is a core component of oVirt.

The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes

Security Fix(es):

nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)
VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217)
RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)
On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)
Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206)
Scheduling Memory calculation disregards huge-pages (BZ#1804037)
Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. (BZ#1804046)
In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339)
Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051)
Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234)
[RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)
[CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377)
Cannot create KubeVirt VM as a normal user (BZ#1859460)
Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466)
[RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)
VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235)
spec_ctrl host feature not detected (BZ#1875609)

Enhancement(s):

[RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877)
[RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803)
[RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812)
[RFE] enhance search filter for Storage Domains with free argument (BZ#1819260)
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Bugs fixed (https://bugzilla.redhat.com/):

1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution 1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster 1855377 - [CNV&RHV] Add-Disk operation failed to complete. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability 1859460 - Cannot create KubeVirt VM as a normal user 1860907 - Upgrade bundled GWT to 2.9.0 1866466 - Welcome page - remove Metrics Store links and update "Insights Guide" link 1866734 - [DWH] Rebase bug - for the 4.4.2 release 1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade 1869302 - ansible 2.9.12 - host deploy fixes 1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. 1875609 - spec_ctrl host feature not detected 1875851 - Web Admin interface broken on Firefox ESR 68.11

Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm

noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj gdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj rfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM R5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ BynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk J+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp t+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH A1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl 5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY TzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N mqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc bvmOI0eIsZw=Jhpi -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):

PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1448",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "communications cloud native core policy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.11.0"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0.3.0"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.11"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12.7"
      },
      {
        "model": "banking liquidity management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "communications billing and revenue management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.5.0.23.0"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "banking trade finance process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.3"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.12"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "banking trade finance process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "lodash",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lodash",
        "version": "4.17.20"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.3.0"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "20.12.0"
      },
      {
        "model": "communications session router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.11"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "model": "communications subscriber-aware load balancer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "cz8.4"
      },
      {
        "model": "banking supply chain finance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "banking extensibility workbench",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "banking liquidity management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8.0"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "pcz3.3"
      },
      {
        "model": "banking corporate lending process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.5.0"
      },
      {
        "model": "communications session border controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "blockchain platform",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "21.1.2"
      },
      {
        "model": "enterprise communications broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12.0"
      },
      {
        "model": "banking credit facilities process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "banking virtual account management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "model": "banking liquidity management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.2.0"
      },
      {
        "model": "banking trade finance process management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.3.0"
      },
      {
        "model": "lodash",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lodash",
        "version": "4.17.15"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.17.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12.11",
                "versionStartIncluding": "17.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "20.12.7",
                "versionStartIncluding": "20.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "19.12.11",
                "versionStartIncluding": "19.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.8.12",
                "versionStartIncluding": "18.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "21.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      }
    ],
    "trust": 1.3
  },
  "cve": "CVE-2020-8203",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008656",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-186328",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-8203",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008656",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-8203",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008656",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1043",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186328",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-8203",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. lodash Is vulnerable to resource allocation without restrictions or throttling.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash 4.17.15 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code on the system via the \u0027merge\u0027, \u0027mergeWith\u0027 and \u0027defaultsDeep\u0027 functions. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nBug Fix(es):\n\n* Previously, upgrade from Red Had Virtualization (RHV) 4.4.1 to RHV 4.4.2\nfailed due to dangling symlinks from the iSCSI Storage Domain that weren\u0027t\ncleaned up. In this release, the upgrade succeeds. (BZ#1895356)\n\n* Previously, when migrating a Windows virtual machine from a VMware\nenvironment to Red Hat Virtualization 4.4.3, the migration failed due to a\nfile permission error. In this release, the migration succeeds. \n(BZ#1901423)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1835685 - [Hosted-Engine]\"Installation Guide\" and \"RHV Documents\" didn\u0027t jump to the correct pages in hosted engine page. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1895356 - Upgrade to 4.4.2 will fail due to dangling symlinks\n1895762 - cockpit ovirt(downstream) docs links point to upstream docs. \n1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c\n1898023 - Rebase RHV-H 4.4.3 on RHEL 8.3.0.1\n1898024 - Rebase RHV-H 4.4.3 on RHGS-3.5.z Batch #3\n1901423 - [v2v] leaking USER and HOME environment from root causes virt-v2v error: failure: Unexpected file type which prevents VM migration\n1902301 - Upgrade cockpit-ovirt to 0.14.14\n\n6. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. \n\nBug Fix(es):\n\n* send --nowait to libvirt when we collect qemu stats, to consume\nbz#1552092 (BZ#1613514)\n\n* Block moving HE hosts into different Data Centers and make HE host moved\nto different cluster NonOperational after activation (BZ#1702016)\n\n* If an in-use MAC is held by a VM on a different cluster, the engine does\nnot attempt to get the next free MAC. (BZ#1760170)\n\n* Search backend cannot find VMs which name starts with a search keyword\n(BZ#1797717)\n\n* [Permissions] DataCenterAdmin role defined on DC level does not allow\nCluster creation (BZ#1808320)\n\n* enable-usb-autoshare is always 0 in console.vv and usb-filter option is\nlisted two times (BZ#1811466)\n\n* NumaPinningHelper is not huge pages aware, denies migration to suitable\nhost (BZ#1812316)\n\n* Adding quota to group doesn\u0027t propagate to users (BZ#1822372)\n\n* Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35\nTemplate (BZ#1829691)\n\n* Live Migration Bandwidth unit is different from Engine configuration\n(Mbps) and VDSM (MBps) (BZ#1845397)\n\n* RHV-M shows successful operation if OVA export/import failed during\n\"qemu-img convert\" phase (BZ#1854888)\n\n* Cannot hotplug disk reports libvirtError: Requested operation is not\nvalid: Domain already contains a disk with that address (BZ#1855305)\n\n* rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)\n\n* RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run\n(BZ#1866862)\n\n* Issue with dashboards creation when sending metrics to external\nElasticsearch (BZ#1870133)\n\n* HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)\n\n* [CNV\u0026RHV]Notification about VM creation contain \u003cUNKNOWN\u003e string\n(BZ#1873136)\n\n* VM stuck in Migrating status after migration completed due to incorrect\nstatus reported by VDSM after restart (BZ#1877632)\n\n* Use 4.5 as compatibility level for the Default DataCenter and the Default\nCluster during installation (BZ#1879280)\n\n* unable to create/add index pattern in step 5 from kcs articles#4921101\n(BZ#1881634)\n\n* [CNV\u0026RHV] Remove warning about no active storage domain for Kubevirt VMs\n(BZ#1883844)\n\n* Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)\n\n* [CNV\u0026RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)\n\n* Require ansible-2.9.14 in ovirt-engine (BZ#1888626)\n\nEnhancement(s):\n\n* [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)\n\n* [RFE] - enable renaming HostedEngine VM name (BZ#1657294)\n\n* [RFE] Enabling Icelake new NIs - RHV (BZ#1745024)\n\n* [RFE] Show vCPUs and allocated memory in virtual machines summary\n(BZ#1752751)\n\n* [RFE] RHV-M Deployment/Install Needs it\u0027s own UUID (BZ#1825020)\n\n* [RFE] Destination Host in migrate VM dialog has to be searchable and\nsortable (BZ#1851865)\n\n* [RFE] Expose the \"reinstallation required\" flag of the hosts in the API\n(BZ#1856671)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1613514 - send --nowait to libvirt when we collect qemu stats, to consume bz#1552092\n1657294 - [RFE] - enable renaming HostedEngine VM name\n1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password\n1702016 - Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation\n1752751 - [RFE] Show vCPUs and allocated memory in virtual machines summary\n1760170 - If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. \n1797717 - Search backend cannot find VMs which name starts with a search keyword\n1808320 - [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation\n1811466 - enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times\n1812316 - NumaPinningHelper is not huge pages aware, denies migration to suitable host\n1822372 - Adding quota to group doesn\u0027t propagate to users\n1825020 - [RFE] RHV-M Deployment/Install Needs it\u0027s own UUID\n1828241 - Deleting snapshot do not display a lock for it\u0027s disks under \"Disk Snapshots\" tab. \n1829691 - Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template\n1842344 - Status loop due to host initialization not checking network status, monitoring finding the network issue and auto-recovery. \n1845432 - [CNV\u0026RHV] Communicatoin with CNV cluster spamming engine.log when token is expired\n1851865 - [RFE] Destination Host in migrate VM dialog has to be searchable and sortable\n1854888 - RHV-M shows successful operation if OVA export/import failed during \"qemu-img convert\" phase\n1855305 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address\n1856671 - [RFE] Expose the \"reinstallation required\" flag of the hosts in the API\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1859314 - rhv-log-collector-analyzer --json fails with TypeError\n1862101 - rhv-image-discrepancies does show size of the images on the storage as size of the image in db and vice versa\n1866981 - obj must be encoded before hashing\n1870133 - Issue with dashboards creation when sending metrics to external Elasticsearch\n1871694 - HostedEngine VM is broken after Cluster changed to UEFI\n1872911 - RHV Administration Portal fails with 404 error even after updating to RHV 4.3.9\n1873136 - [CNV\u0026RHV]Notification about VM creation contain \u003cUNKNOWN\u003e string\n1876923 - PostgreSQL 12 in RHV 4.4 - engine-setup menu ref URL needs updating\n1877632 - VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart\n1877679 - Synchronize advanced virtualization module with RHEL version during host upgrade\n1879199 - ovirt-engine-extension-aaa-ldap-setup fails on cert import\n1879280 - Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation\n1879377 - [DWH] Rebase bug - for the 4.4.3 release\n1881634 - unable to create/add index pattern in step 5 from kcs articles#4921101\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1883844 - [CNV\u0026RHV] Remove warning about no active storage domain for Kubevirt VMs\n1884146 - Deprecate and remove ovirt-engine-api-explorer\n1884634 - [CNV\u0026RHV] Disable creating new disks for Kubevirt VM\n1885976 - rhv-log-collector-analyzer - argument must be str, not bytes\n1887268 - Cannot perform yum update on my RHV manager (ansible conflict)\n1888626 - Require ansible-2.9.14 in ovirt-engine\n1889522 - metrics playbooks are broken due to typo\n\n6. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:3807-01\nProduct:           Red Hat Virtualization\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3807\nIssue date:        2020-09-23\nCVE Names:         CVE-2020-8203 CVE-2020-11022 CVE-2020-11023\n                   CVE-2020-14333\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Virtualization Engine 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. \n\nThe following packages have been upgraded to a later upstream version:\nansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3),\novirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1),\novirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3),\novirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1),\nvdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)\n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* ovirt-engine: Reflected cross site scripting vulnerability\n(CVE-2020-14333)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)\n\n* VM portal always asks how to open console.vv even it has been set to\ndefault application. (BZ#1638217)\n\n* RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)\n\n* On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)\n\n* Possible missing block path for a SCSI host device needs to be handled in\nthe UI (BZ#1801206)\n\n* Scheduling Memory calculation disregards huge-pages (BZ#1804037)\n\n* Engine does not reduce scheduling memory when a VM with dynamic hugepages\nruns. (BZ#1804046)\n\n* In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n(BZ#1806339)\n\n* Refresh LUN is using host from different Data Center to scan the LUN\n(BZ#1838051)\n\n* Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and\ngreater for RHV-M GUI/Webadmin portal (BZ#1843234)\n\n* [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)\n\n* [CNV\u0026RHV] Add-Disk operation failed to complete. (BZ#1855377)\n\n* Cannot create KubeVirt VM as a normal user (BZ#1859460)\n\n* Welcome page - remove Metrics Store links and update \"Insights Guide\"\nlink (BZ#1866466)\n\n* [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)\n\n* VM vm-name is down with error. Exit message: unsupported configuration:\nCan\u0027t add USB input device. USB bus is disabled. (BZ#1871235)\n\n* spec_ctrl host feature not detected (BZ#1875609)\n\nEnhancement(s):\n\n* [RFE] API for changed blocks/sectors for a disk for incremental backup\nusage (BZ#1139877)\n\n* [RFE] Improve workflow for storage migration of VMs with multiple disks\n(BZ#1749803)\n\n* [RFE] Move the Remove VM button to the drop down menu when viewing\ndetails such as snapshots (BZ#1763812)\n\n* [RFE] enhance search filter for Storage Domains with free argument\n(BZ#1819260)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1625499 - Cannot assign direct LUN from FC storage - grayed out\n1638217 - VM portal always asks how to open console.vv even it has been set to default application. \n1643520 - RESTAPI Not able to remove the QoS from a disk profile\n1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge)\n1748879 - On OVA import, qemu-img fails to write to NFS storage domain\n1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks\n1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied\n1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots\n1778471 - Using more than one asterisk in LDAP search string is not working when searching for  AD users. \n1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. \n1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI\n1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. \n1804037 - Scheduling Memory calculation disregards huge-pages\n1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. \n1806339 - In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n1816951 - [CNV\u0026RHV] CNV VM migration failure is not handled correctly by the engine\n1819260 - [RFE] enhance search filter for Storage Domains with free argument\n1826255 - [CNV\u0026RHV]Change name of type of provider - CNV -\u003e OpenShift Virtualization\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC\n1831952 - RESTAPI contains malformed link around JSON representation fo the cluster\n1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent\n1831956 - RESTAPI javadoc contains malformed link around time zone representation\n1838051 - Refresh LUN is using host from different Data Center to scan the LUN\n1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory\n1843234 - Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster\n1855377 - [CNV\u0026RHV] Add-Disk operation failed to complete. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability\n1859460 - Cannot create KubeVirt VM as a normal user\n1860907 - Upgrade bundled GWT to 2.9.0\n1866466 - Welcome page - remove Metrics Store links and update \"Insights Guide\" link\n1866734 - [DWH] Rebase bug - for the 4.4.2 release\n1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade\n1869302 - ansible 2.9.12 - host deploy fixes\n1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can\u0027t add USB input device. USB bus is disabled. \n1875609 - spec_ctrl host feature not detected\n1875851 - Web Admin interface broken on Firefox ESR 68.11\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-service-1.0.5-1.el8ev.src.rpm\novirt-engine-4.4.2.3-0.6.el8ev.src.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm\novirt-log-collector-4.4.3-1.el8ev.src.rpm\novirt-web-ui-1.6.4-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.src.rpm\nrhvm-dependencies-4.4.1-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-service-1.0.5-1.el8ev.noarch.rpm\novirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-log-collector-4.4.3-1.el8ev.noarch.rpm\novirt-web-ui-1.6.4-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.1-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8203\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2020-14333\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj\ngdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj\nrfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM\nR5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ\nBynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk\nJ+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp\nt+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH\nA1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl\n5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY\nTzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N\nmqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc\nbvmOI0eIsZw=Jhpi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 -  As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8203",
        "trust": 3.3
      },
      {
        "db": "HACKERONE",
        "id": "712065",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158797",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160589",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160209",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159275",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164555",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072725",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072145",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041931",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042310",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4460",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2715",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3700",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3255",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3143",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3472",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5150",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4180",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5790",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158796",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-186328",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159727",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "id": "VAR-202007-1448",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-01-21T21:15:51.312000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-8203 is not modified in /.internal/baseSet.js #4874",
        "trust": 0.8,
        "url": "https://github.com/lodash/lodash/issues/4874"
      },
      {
        "title": "lodash Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=124909"
      },
      {
        "title": "Debian CVElist Bug Report Logs: node-lodash: CVE-2020-8203",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e2a3a37cadf3658ad136a09d0edc4403"
      },
      {
        "title": "Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205611 - security advisory"
      },
      {
        "title": "Red Hat: Low: Red Hat Virtualization security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205179 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203807 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203369 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data \u2013 Node.js (CVE-2020-8203)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0d7ed837a314c7bb63d61727a6cea7fa"
      },
      {
        "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
      },
      {
        "title": "node-elm-compiler",
        "trust": 0.1,
        "url": "https://github.com/rtfeldman/node-elm-compiler "
      },
      {
        "title": "CloudGuard-ShiftLeft-CICD",
        "trust": 0.1,
        "url": "https://github.com/chkp-dhouari/cloudguard-shiftleft-cicd "
      },
      {
        "title": "CloudGuard-ShiftLeft-CICD-mams",
        "trust": 0.1,
        "url": "https://github.com/mamadoudemb/cloudguard-shiftleft-cicd-mams "
      },
      {
        "title": "shiftleft-cicd-demo",
        "trust": 0.1,
        "url": "https://github.com/ecarbon277/shiftleft-cicd-demo "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/p3sky/cloudguard-shifleft-cicd "
      },
      {
        "title": "shiftleftv3",
        "trust": 0.1,
        "url": "https://github.com/puryersc/shiftleftv3 "
      },
      {
        "title": "shiftleftv2",
        "trust": 0.1,
        "url": "https://github.com/puryersc/shiftleftv2 "
      },
      {
        "title": "shiftleftv4",
        "trust": 0.1,
        "url": "https://github.com/puryersc/shiftleftv4 "
      },
      {
        "title": "Web-CTF-Cheatsheet",
        "trust": 0.1,
        "url": "https://github.com/duckstroms/web-ctf-cheatsheet "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1321",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-770",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200724-0006/"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/lodash/lodash/issues/4874"
      },
      {
        "trust": 1.8,
        "url": "https://hackerone.com/reports/712065"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8203"
      },
      {
        "trust": 0.7,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8203/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-8203"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4460/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072145"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164555/red-hat-security-advisory-2021-3917-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3472"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158797/red-hat-security-advisory-2020-3369-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160589/red-hat-security-advisory-2020-5611-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-javascript-affects-ibm-license-metric-tool-v9-cve-2020-8203/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-oss-security-scan-issues-for-concerto-installer/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-oss-scan-fixes-for-content-pos/"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042310"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160209/red-hat-security-advisory-2020-5179-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4180/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5150"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072725"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5790"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2715/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/node-js-lodash-privilege-escalation-via-prototype-pollution-33309"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3255/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-11023"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-15366"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-11022"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20922"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20920"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9283"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/1321.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rtfeldman/node-elm-compiler"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8768"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15718"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8611"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6251"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8676"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7150"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1547"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7664"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8607"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12052"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8594"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8601"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3822"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11324"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3823"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7146"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8524"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5481"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8686"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8544"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12049"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8571"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-19519"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8677"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5436"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13753"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6454"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4298"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8622"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7598"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8681"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3825"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18074"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-6706"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8673"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8687"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13822"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8672"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8608"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8615"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7665"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8457"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5953"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8689"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15847"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8735"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11236"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12245"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8596"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8610"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13636"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1563"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-7149"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16056"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20337"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19959"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8675"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8563"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10531"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13232"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-3843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8609"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8587"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-18751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8506"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8583"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-9251"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8597"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:5179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12666"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3369"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12666"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.5/jaeger/jaeger_install/rhb"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3370"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3807"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14333"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-21270"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34552"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35653"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3774"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27921"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27515"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35654"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3917"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-16138"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-16137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "date": "2020-12-17T17:36:24",
        "db": "PACKETSTORM",
        "id": "160589"
      },
      {
        "date": "2020-10-27T16:59:02",
        "db": "PACKETSTORM",
        "id": "159727"
      },
      {
        "date": "2020-11-24T15:30:15",
        "db": "PACKETSTORM",
        "id": "160209"
      },
      {
        "date": "2020-08-07T18:27:30",
        "db": "PACKETSTORM",
        "id": "158797"
      },
      {
        "date": "2020-08-07T18:27:14",
        "db": "PACKETSTORM",
        "id": "158796"
      },
      {
        "date": "2020-09-24T00:30:36",
        "db": "PACKETSTORM",
        "id": "159275"
      },
      {
        "date": "2021-10-19T15:32:20",
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "date": "2020-07-15T17:15:11.797000",
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186328"
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8203"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      },
      {
        "date": "2023-06-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      },
      {
        "date": "2024-01-21T02:37:13.193000",
        "db": "NVD",
        "id": "CVE-2020-8203"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lodash Vulnerability in resource allocation without restrictions or throttling in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008656"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1043"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2022-1375

Vulnerability from csaf_certbund - Published: 2022-09-11 22:00 - Updated: 2023-09-14 22:00

Summary

JFrog Artifactory: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: JFrog Artifactory ist eine universelle DevOps-Lösung.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.

Betroffene Betriebssysteme: - UNIX - Linux

CVE-2013-4517

In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2013-7285

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2014-0107

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2014-0114

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2014-3577

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2014-3623

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2015-0227

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2015-2575

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2015-3253

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2015-4852

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2015-7940

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-10750

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-3092

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-3674

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-6501

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-8735

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2016-8745

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-1000487

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-15095

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-17485

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-18214

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-18640

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-7525

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-7657

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-7957

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2017-9506

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2018-1000206

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2018-9116

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2019-10219

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2019-12402

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2019-17359

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2019-17571

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2019-20104

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-11996

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-13934

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-13935

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-13949

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-14340

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-15586

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-1745

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-17521

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-25649

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-28500

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-29582

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-36518

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-7226

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-7692

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2020-8203

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-13936

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-21290

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22060

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22112

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22119

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22147

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22148

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22149

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-22573

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-23337

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-25122

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-26291

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-27568

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-29505

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-30129

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-33037

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35550

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35556

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35560

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35561

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35564

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35565

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35567

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35578

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35586

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35588

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-35603

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-36374

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-3765

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-3807

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-38561

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-3859

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-41090

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-41091

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-42340

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-42550

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2021-43797

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-0536

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-22963

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-23632

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-23648

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-23806

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-24769

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-24823

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-27191

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-29153

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-32212

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-32213

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-32214

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-32215

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

CVE-2022-32223

Affected products

Known affected 4 products

Product	Identifier	Version
JFrog Artifactory JFrog / Artifactory	`cpe:/a:jfrog:artifactory:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
JFrog Artifactory < 7.46.3 JFrog / Artifactory	`cpe:/a:jfrog:artifactory:7.46.3`	—

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:5165	external
https://www.jfrog.com/confluence/display/JFROG/Fi…	external
https://www.jfrog.com/confluence/display/JFROG/Fi…	external
https://access.redhat.com/errata/RHSA-2022:6782	external
https://ubuntu.com/security/notices/USN-5776-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1375 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1375 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
        "url": "https://access.redhat.com/errata/RHSA-2023:5165"
      },
      {
        "category": "external",
        "summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11",
        "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
      },
      {
        "category": "external",
        "summary": "JFrog Fixed Security Vulnerabilities",
        "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04",
        "url": "https://access.redhat.com/errata/RHSA-2022:6782"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13",
        "url": "https://ubuntu.com/security/notices/USN-5776-1"
      }
    ],
    "source_lang": "en-US",
    "title": "JFrog Artifactory: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-14T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:34:59.214+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-1375",
      "initial_release_date": "2022-09-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-09-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-10-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2022-10-04T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-12-20T23:00:00.000+00:00",
          "number": "5",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "JFrog Artifactory",
                "product": {
                  "name": "JFrog Artifactory",
                  "product_id": "T024527",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:jfrog:artifactory:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "JFrog Artifactory \u003c 7.46.3",
                "product": {
                  "name": "JFrog Artifactory \u003c 7.46.3",
                  "product_id": "T024764",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:jfrog:artifactory:7.46.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Artifactory"
          }
        ],
        "category": "vendor",
        "name": "JFrog"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-4517",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2013-4517"
    },
    {
      "cve": "CVE-2013-7285",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2013-7285"
    },
    {
      "cve": "CVE-2014-0107",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2014-0107"
    },
    {
      "cve": "CVE-2014-0114",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2014-0114"
    },
    {
      "cve": "CVE-2014-3577",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2014-3577"
    },
    {
      "cve": "CVE-2014-3623",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2014-3623"
    },
    {
      "cve": "CVE-2015-0227",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2015-0227"
    },
    {
      "cve": "CVE-2015-2575",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2015-2575"
    },
    {
      "cve": "CVE-2015-3253",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2015-3253"
    },
    {
      "cve": "CVE-2015-4852",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2015-4852"
    },
    {
      "cve": "CVE-2015-7940",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2015-7940"
    },
    {
      "cve": "CVE-2016-10750",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-10750"
    },
    {
      "cve": "CVE-2016-3092",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-3092"
    },
    {
      "cve": "CVE-2016-3674",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-3674"
    },
    {
      "cve": "CVE-2016-6501",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-6501"
    },
    {
      "cve": "CVE-2016-8735",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2016-8745",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2016-8745"
    },
    {
      "cve": "CVE-2017-1000487",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-1000487"
    },
    {
      "cve": "CVE-2017-15095",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-15095"
    },
    {
      "cve": "CVE-2017-17485",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-17485"
    },
    {
      "cve": "CVE-2017-18214",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-18214"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-7525",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-7525"
    },
    {
      "cve": "CVE-2017-7657",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-7657"
    },
    {
      "cve": "CVE-2017-7957",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-7957"
    },
    {
      "cve": "CVE-2017-9506",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2017-9506"
    },
    {
      "cve": "CVE-2018-1000206",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2018-1000206"
    },
    {
      "cve": "CVE-2018-9116",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2018-9116"
    },
    {
      "cve": "CVE-2019-10219",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2019-10219"
    },
    {
      "cve": "CVE-2019-12402",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2019-12402"
    },
    {
      "cve": "CVE-2019-17359",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2019-17359"
    },
    {
      "cve": "CVE-2019-17571",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2019-17571"
    },
    {
      "cve": "CVE-2019-20104",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2019-20104"
    },
    {
      "cve": "CVE-2020-11996",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-11996"
    },
    {
      "cve": "CVE-2020-13934",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-13934"
    },
    {
      "cve": "CVE-2020-13935",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13949",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-13949"
    },
    {
      "cve": "CVE-2020-14340",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-14340"
    },
    {
      "cve": "CVE-2020-15586",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-15586"
    },
    {
      "cve": "CVE-2020-1745",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-1745"
    },
    {
      "cve": "CVE-2020-17521",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-17521"
    },
    {
      "cve": "CVE-2020-25649",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2020-28500",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-28500"
    },
    {
      "cve": "CVE-2020-29582",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-29582"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-7226",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-7226"
    },
    {
      "cve": "CVE-2020-7692",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-7692"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2021-13936",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-13936"
    },
    {
      "cve": "CVE-2021-21290",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-21290"
    },
    {
      "cve": "CVE-2021-22060",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22060"
    },
    {
      "cve": "CVE-2021-22112",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22112"
    },
    {
      "cve": "CVE-2021-22119",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22119"
    },
    {
      "cve": "CVE-2021-22147",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22147"
    },
    {
      "cve": "CVE-2021-22148",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22148"
    },
    {
      "cve": "CVE-2021-22149",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22149"
    },
    {
      "cve": "CVE-2021-22573",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-22573"
    },
    {
      "cve": "CVE-2021-23337",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-23337"
    },
    {
      "cve": "CVE-2021-25122",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-25122"
    },
    {
      "cve": "CVE-2021-26291",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-26291"
    },
    {
      "cve": "CVE-2021-27568",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-27568"
    },
    {
      "cve": "CVE-2021-29505",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-29505"
    },
    {
      "cve": "CVE-2021-30129",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-30129"
    },
    {
      "cve": "CVE-2021-33037",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-35550",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35550"
    },
    {
      "cve": "CVE-2021-35556",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35556"
    },
    {
      "cve": "CVE-2021-35560",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35560"
    },
    {
      "cve": "CVE-2021-35561",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35561"
    },
    {
      "cve": "CVE-2021-35564",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35564"
    },
    {
      "cve": "CVE-2021-35565",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35565"
    },
    {
      "cve": "CVE-2021-35567",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35567"
    },
    {
      "cve": "CVE-2021-35578",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35578"
    },
    {
      "cve": "CVE-2021-35586",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35586"
    },
    {
      "cve": "CVE-2021-35588",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35588"
    },
    {
      "cve": "CVE-2021-35603",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-35603"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-3765",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-3765"
    },
    {
      "cve": "CVE-2021-3807",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2021-38561",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-38561"
    },
    {
      "cve": "CVE-2021-3859",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-3859"
    },
    {
      "cve": "CVE-2021-41090",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-41090"
    },
    {
      "cve": "CVE-2021-41091",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-41091"
    },
    {
      "cve": "CVE-2021-42340",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-42340"
    },
    {
      "cve": "CVE-2021-42550",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-42550"
    },
    {
      "cve": "CVE-2021-43797",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2021-43797"
    },
    {
      "cve": "CVE-2022-0536",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-0536"
    },
    {
      "cve": "CVE-2022-22963",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-22963"
    },
    {
      "cve": "CVE-2022-23632",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-23632"
    },
    {
      "cve": "CVE-2022-23648",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-23648"
    },
    {
      "cve": "CVE-2022-23806",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24769",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-24769"
    },
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-27191",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-29153",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-29153"
    },
    {
      "cve": "CVE-2022-32212",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-32212"
    },
    {
      "cve": "CVE-2022-32213",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-32213"
    },
    {
      "cve": "CVE-2022-32214",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-32214"
    },
    {
      "cve": "CVE-2022-32215",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-32215"
    },
    {
      "cve": "CVE-2022-32223",
      "notes": [
        {
          "category": "description",
          "text": "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "product_status": {
        "known_affected": [
          "T024527",
          "67646",
          "T000126",
          "T024764"
        ]
      },
      "release_date": "2022-09-11T22:00:00.000+00:00",
      "title": "CVE-2022-32223"
    }
  ]
}

WID-SEC-W-2023-1350

Vulnerability from csaf_certbund - Published: 2023-06-01 22:00 - Updated: 2024-02-15 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern

Severity

Mittel

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows - Sonstiges

CVE-2023-27538

Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-27537

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-27536

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-27535

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-27534

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-27533

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-23916

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-23915

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-23914

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-1370

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-0286

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2023-0215

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-46175

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-43680

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-43552

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-43551

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-4304

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-42916

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-42915

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-42004

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-4200

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-41720

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-41716

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-41715

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-40304

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-40303

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-40023

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-38900

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-37616

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-37603

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-37601

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-37599

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-37434

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-36227

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-35737

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-35260

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-35252

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-3517

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-33987

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32221

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32208

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32207

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32206

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32205

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32189

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-32148

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-31129

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30635

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30634

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30633

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30632

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30631

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30630

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30629

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30580

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-30115

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-29804

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-29526

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-2880

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-2879

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-28327

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-28131

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27782

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27781

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27780

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27779

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27778

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27776

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27775

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27774

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27664

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-27191

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-25858

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-24999

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-24921

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-24675

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-23806

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-23773

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-23772

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-23491

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-22576

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-1962

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2022-1705

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-43565

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-3803

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-36976

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-3520

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-33587

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-33503

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-33502

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-31566

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-29060

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-27292

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-23382

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-23368

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-23343

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22947

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22946

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22945

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22926

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22925

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22924

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22923

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22922

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22901

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22898

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22897

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22890

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-22876

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2021-20095

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8286

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8285

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8284

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8231

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8203

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8177

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8169

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-8116

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-7774

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-7753

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-7662

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-28469

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-15138

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2020-13822

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2019-20149

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2019-10746

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2019-10744

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2018-25032

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

CVE-2017-16042

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com/advisories/SVD-2023-0613	external
https://www.ibm.com/support/pages/node/7008449	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1350 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1350 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350"
      },
      {
        "category": "external",
        "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01",
        "url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern",
    "tracking": {
      "current_release_date": "2024-02-15T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:51:43.161+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1350",
      "initial_release_date": "2023-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 8.1.14",
                  "product_id": "T027935"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 8.2.11",
                  "product_id": "T027936"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 9.0.5",
                  "product_id": "T027937"
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-27538",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-27537",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27536",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27535",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27534",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27533",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-23916",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23915",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23914",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-0286",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0215",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-43552",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43551",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-4304",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-42916",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-42915",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-4200",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4200"
    },
    {
      "cve": "CVE-2022-41720",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-41716",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41715",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40303",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40023",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-38900",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-37616",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37616"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-36227",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-35737",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-35260",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35252",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-3517",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-33987",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-32221",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-32208",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32207",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32206",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32205",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32189",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32148",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-30635",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-30634",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30633",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30632",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30631",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30630",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30629",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30580",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30115",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-29804",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-29526",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-2880",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-2879",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-28327",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-28131",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-27782",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-27781",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27780",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27779",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27778",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27776",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27775",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27774",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27664",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27191",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-25858",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-24999",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-24921",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24675",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-23806",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-23773",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23772",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23491",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-22576",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-1962",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-1705",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2021-43565",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2021-3803",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-36976",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3520",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-33587",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33587"
    },
    {
      "cve": "CVE-2021-33503",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33502",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-31566",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-29060",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-27292",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-27292"
    },
    {
      "cve": "CVE-2021-23382",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-23368",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23343",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-22947",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-22946",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22945",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22926",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22925",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22924",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22923",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22922",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22901",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22898",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22897",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22890",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22876",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-20095",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-20095"
    },
    {
      "cve": "CVE-2020-8286",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2020-8285",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8284",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8231",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-8177",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8169",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8116",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8116"
    },
    {
      "cve": "CVE-2020-7774",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7774"
    },
    {
      "cve": "CVE-2020-7753",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7753"
    },
    {
      "cve": "CVE-2020-7662",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7662"
    },
    {
      "cve": "CVE-2020-28469",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-15138",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-15138"
    },
    {
      "cve": "CVE-2020-13822",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-13822"
    },
    {
      "cve": "CVE-2019-20149",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-20149"
    },
    {
      "cve": "CVE-2019-10746",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10746"
    },
    {
      "cve": "CVE-2019-10744",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10744"
    },
    {
      "cve": "CVE-2018-25032",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2018-25032"
    },
    {
      "cve": "CVE-2017-16042",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "5104"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2017-16042"
    }
  ]
}

WID-SEC-W-2023-2981

Vulnerability from csaf_certbund - Published: 2020-08-06 22:00 - Updated: 2023-11-21 23:00

Summary

Red Hat OpenShift: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial of Service zu verursachen oder weitere nicht definierte Auswirkungen zu erzielen.

Betroffene Betriebssysteme: - Linux

CVE-2020-12666

Es existiert eine Schwachstelle in Red Hat OpenShift. Die "macaron" Komponente hat einen "Open Redirect" Fehler im statischen Handler. Ein Angreifer kann diese Schwachstelle ausnutzen, um das Opfer unbemerkt auf eine nicht vertrauenswürdige Seite umzuleiten. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Webbrowser zu öffnen.

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat OpenShift service mesh 1.0 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.0`	—
Red Hat OpenShift service mesh 1.1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.1`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2020-14040

Es existiert eine Schwachstelle in Red Hat OpenShift. In der Bibliothek golang.org/x/text besteht in einigen Funktionen, z. B. unicode.Transform, transform.String oder transform.Byte, ein Problem mit einer Endlosschleife. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er einer entsprechenden Anwendung bestimmte Zeichen oder Zeichenfolgen bereitstellt, und dadurch einen Denial of Service verursachen.

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat OpenShift service mesh 1.0 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.0`	—
Red Hat OpenShift service mesh 1.1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.1`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2020-8203

Es existiert eine Schwachstelle in Red Hat OpenShift. Hierbei handelt es sich um einen Prototype pollution Schwachstelle bei der Benutzung von _.zipObjectDeep in lodash. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service oder weitere nicht definierte Auswirkungen zu erzielen.

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat OpenShift service mesh 1.0 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.0`	—
Red Hat OpenShift service mesh 1.1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_1.1`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

24 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://linux.oracle.com/errata/ELSA-2023-6939.html	external
https://access.redhat.com/errata/RHSA-2020:3369	external
https://access.redhat.com/errata/RHSA-2020:3372	external
https://access.redhat.com/errata/RHSA-2020:3578	external
https://access.redhat.com/errata/RHSA-2021:1129	external
https://access.redhat.com/errata/RHSA-2021:1168	external
https://access.redhat.com/errata/RHSA-2020:3727	external
https://access.redhat.com/errata/RHSA-2020:3780	external
https://access.redhat.com/errata/RHSA-2020:3783	external
https://access.redhat.com/errata/RHSA-2020:4297	external
https://access.redhat.com/errata/RHSA-2021:2039	external
https://access.redhat.com/errata/RHSA-2020:4694	external
https://access.redhat.com/errata/RHSA-2020:5054	external
https://access.redhat.com/errata/RHSA-2020:5055	external
https://access.redhat.com/errata/RHSA-2020:5149	external
https://access.redhat.com/errata/RHSA-2020:5198	external
https://access.redhat.com/errata/RHSA-2020:5606	external
https://access.redhat.com/errata/RHSA-2020:5611	external
https://access.redhat.com/errata/RHSA-2021:1369	external
https://access.redhat.com/errata/RHSA-2021:0799	external
https://access.redhat.com/errata/RHSA-2021:3140	external
https://access.redhat.com/errata/RHSA-2021:3259	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial of Service zu verursachen oder weitere nicht definierte Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2981 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2981.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2981 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2981"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-6939 vom 2023-11-21",
        "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2020-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2020:3369"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2020-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2020:3372"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3578 vom 2020-09-08",
        "url": "https://access.redhat.com/errata/RHSA-2020:3578"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1129 vom 2021-04-08",
        "url": "https://access.redhat.com/errata/RHSA-2021:1129"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1168 vom 2021-04-13",
        "url": "https://access.redhat.com/errata/RHSA-2021:1168"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3727 vom 2020-09-16",
        "url": "https://access.redhat.com/errata/RHSA-2020:3727"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3780 vom 2020-09-21",
        "url": "https://access.redhat.com/errata/RHSA-2020:3780"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3783 vom 2020-09-22",
        "url": "https://access.redhat.com/errata/RHSA-2020:3783"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4297 vom 2020-10-27",
        "url": "https://access.redhat.com/errata/RHSA-2020:4297"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2039 vom 2021-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:2039"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4694 vom 2020-11-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:4694"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5054 vom 2020-11-10",
        "url": "https://access.redhat.com/errata/RHSA-2020:5054"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5055 vom 2020-11-10",
        "url": "https://access.redhat.com/errata/RHSA-2020:5055"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5149 vom 2020-11-18",
        "url": "https://access.redhat.com/errata/RHSA-2020:5149"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5198 vom 2020-11-24",
        "url": "https://access.redhat.com/errata/RHSA-2020:5198"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5606 vom 2020-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:5606"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5611 vom 2020-12-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:5611"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1369 vom 2021-04-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:1369"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0799 vom 2021-03-10",
        "url": "https://access.redhat.com/errata/RHSA-2021:0799"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3140 vom 2021-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2021:3140"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3259 vom 2021-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:3259"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenShift: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:01:56.432+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2981",
      "initial_release_date": "2020-08-06T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-08-06T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-09-15T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-09-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-10-27T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-03T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-18T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-23T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-24T23:00:00.000+00:00",
          "number": "10",
          "summary": "Referenz(en) aufgenommen: RHSA-2020:5179"
        },
        {
          "date": "2020-12-16T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-12-23T23:00:00.000+00:00",
          "number": "12",
          "summary": "Referenz(en) aufgenommen: FEDORA-2020-66E6E8D027"
        },
        {
          "date": "2021-03-09T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-04-08T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-04-12T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-04-26T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-05-18T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-11T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-24T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "20"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift service mesh 1.1",
                "product": {
                  "name": "Red Hat OpenShift service mesh 1.1",
                  "product_id": "T016838",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_1.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift service mesh 1.0",
                "product": {
                  "name": "Red Hat OpenShift service mesh 1.0",
                  "product_id": "T017057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12666",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Die \"macaron\" Komponente hat einen \"Open Redirect\" Fehler im statischen Handler. Ein Angreifer kann diese Schwachstelle ausnutzen, um das Opfer unbemerkt auf eine nicht vertrauensw\u00fcrdige Seite umzuleiten. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Webbrowser zu \u00f6ffnen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T017057",
          "T016838",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2020-08-06T22:00:00.000+00:00",
      "title": "CVE-2020-12666"
    },
    {
      "cve": "CVE-2020-14040",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. In der Bibliothek golang.org/x/text besteht in einigen Funktionen, z. B. unicode.Transform, transform.String oder transform.Byte, ein Problem mit einer Endlosschleife. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er einer entsprechenden Anwendung bestimmte Zeichen oder Zeichenfolgen bereitstellt, und dadurch einen Denial of Service verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T017057",
          "T016838",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2020-08-06T22:00:00.000+00:00",
      "title": "CVE-2020-14040"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Hierbei handelt es sich um einen Prototype pollution Schwachstelle bei der Benutzung von _.zipObjectDeep in lodash. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service oder weitere nicht definierte Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T017057",
          "T016838",
          "67646",
          "T004914"
        ]
      },
      "release_date": "2020-08-06T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    }
  ]
}

WID-SEC-W-2023-3025

Vulnerability from csaf_certbund - Published: 2023-11-28 23:00 - Updated: 2023-12-04 23:00

Summary

IBM InfoSphere Information Server: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.

Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-46174

In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-43804

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-43642

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-43021

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-43015

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-42022

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-42019

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-42009

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-40699

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-39410

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-38268

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2023-34462

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2022-25883

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2021-23337

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2020-8203

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

CVE-2020-28500

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM InfoSphere Information Server 11.7 IBM	`cpe:/a:ibm:infosphere_information_server:11.7`	—

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2023:7637	external
https://www.ibm.com/support/pages/node/7074335	external
https://www.ibm.com/support/pages/node/7074317	external
https://www.ibm.com/support/pages/node/7070765	external
https://www.ibm.com/support/pages/node/7070761	external
https://www.ibm.com/support/pages/node/7070759	external
https://www.ibm.com/support/pages/node/7070755	external
https://www.ibm.com/support/pages/node/7067719	external
https://www.ibm.com/support/pages/node/7067717	external
https://www.ibm.com/support/pages/node/7067714	external
https://www.ibm.com/support/pages/node/7067704	external
https://www.ibm.com/support/pages/node/7067700	external
https://www.ibm.com/support/pages/node/7067682	external
https://www.ibm.com/support/pages/node/7067630	external
https://www.ibm.com/support/pages/node/7067614	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3025 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3025.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3025 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3025"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:7637"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074335"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7074317"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070765"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070761"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070759"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7070755"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067719"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067717"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067714"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067704"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067700"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067682"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067630"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory vom 2023-11-28",
        "url": "https://www.ibm.com/support/pages/node/7067614"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:02:10.203+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3025",
      "initial_release_date": "2023-11-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM InfoSphere Information Server 11.7",
            "product": {
              "name": "IBM InfoSphere Information Server 11.7",
              "product_id": "444803",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46174",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-46174"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-43021",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43021"
    },
    {
      "cve": "CVE-2023-43015",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-43015"
    },
    {
      "cve": "CVE-2023-42022",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42022"
    },
    {
      "cve": "CVE-2023-42019",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42019"
    },
    {
      "cve": "CVE-2023-42009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-42009"
    },
    {
      "cve": "CVE-2023-40699",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-40699"
    },
    {
      "cve": "CVE-2023-39410",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-39410"
    },
    {
      "cve": "CVE-2023-38268",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-38268"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2022-25883",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2021-23337",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2021-23337"
    },
    {
      "cve": "CVE-2020-8203",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-28500",
      "notes": [
        {
          "category": "description",
          "text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese bestehen in dem Kernprodukt sowie in einigen Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "444803"
        ]
      },
      "release_date": "2023-11-28T23:00:00.000+00:00",
      "title": "CVE-2020-28500"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8203 (GCVE-0-2020-8203)

RHSA-2021:3917

RHSA-2021_3917

VAR-202007-1448

WID-SEC-W-2022-1375

WID-SEC-W-2023-1350

WID-SEC-W-2023-2981

WID-SEC-W-2023-3025

Tags

Sightings

Nomenclature