Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-30122 (GCVE-0-2022-30122)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2024-11-19 20:16
VLAI?
EPSS
Summary
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Denial of Service (CWE-400)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/rack/rack |
Affected:
2.0.9.1, 2.1.4.1, 2.2.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"name": "DSA-5530",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5530"
},
{
"name": "GLSA-202310-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-13T16:09:46.798688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T20:16:22.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rack/rack",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0.9.1, 2.1.4.1, 2.2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T22:06:21.756956",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"name": "DSA-5530",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5530"
},
{
"name": "GLSA-202310-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-30122",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-05-02T00:00:00",
"dateUpdated": "2024-11-19T20:16:22.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.2\", \"versionEndExcluding\": \"2.0.9.1\", \"matchCriteriaId\": \"442EB5AF-A390-4A62-8B4E-8A2C082864D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.1.0\", \"versionEndExcluding\": \"2.1.4.1\", \"matchCriteriaId\": \"32E774AF-E7BB-45EB-B5E4-66F8F5D36285\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.0\", \"versionEndExcluding\": \"2.2.3.1\", \"matchCriteriaId\": \"6145EE1D-85D5-4744-BA51-88EC52FF2891\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.\"}, {\"lang\": \"es\", \"value\": \"Existe una posible vulnerabilidad de Denegaci\\u00f3n de Servicio (DoS) en Rack \u0026lt;2.0.9.1, \u0026lt;2.1.4.1 y \u0026lt;2.2.3.1 en el componente de an\\u00e1lisis multiparte de Rack.\"}]",
"id": "CVE-2022-30122",
"lastModified": "2024-11-21T07:02:12.160",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-12-05T22:15:10.227",
"references": "[{\"url\": \"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-18\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0012/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5530\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0012/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1333\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30122\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-12-05T22:15:10.227\",\"lastModified\":\"2024-11-21T07:02:12.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.\"},{\"lang\":\"es\",\"value\":\"Existe una posible vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en Rack \u0026lt;2.0.9.1, \u0026lt;2.1.4.1 y \u0026lt;2.2.3.1 en el componente de an\u00e1lisis multiparte de Rack.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2\",\"versionEndExcluding\":\"2.0.9.1\",\"matchCriteriaId\":\"442EB5AF-A390-4A62-8B4E-8A2C082864D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.4.1\",\"matchCriteriaId\":\"32E774AF-E7BB-45EB-B5E4-66F8F5D36285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3.1\",\"matchCriteriaId\":\"6145EE1D-85D5-4744-BA51-88EC52FF2891\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-18\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231208-0012/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5530\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231208-0012/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5530\", \"name\": \"DSA-5530\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-18\", \"name\": \"GLSA-202310-18\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0012/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:40:47.618Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-30122\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-13T16:09:46.798688Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-19T20:16:16.233Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"https://github.com/rack/rack\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.9.1, 2.1.4.1, 2.2.3.1\"}]}], \"references\": [{\"url\": \"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5530\", \"name\": \"DSA-5530\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-18\", \"name\": \"GLSA-202310-18\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0012/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Denial of Service (CWE-400)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-12-08T22:06:21.756956\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-30122\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-19T20:16:22.716Z\", \"dateReserved\": \"2022-05-02T00:00:00\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2022-12-05T00:00:00\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2022-1905
Vulnerability from csaf_certbund - Published: 2022-10-30 23:00 - Updated: 2023-03-27 22:00Summary
Red Hat Satellite: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Satellite dient als zentrale Stelle für das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um einen Denial of Service Angriff durchzuführen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1905 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1905.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1905 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1905"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "RHSA-2022:7242 - Security Advisory vom 2022-10-30",
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-03-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:37:17.561+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1905",
"initial_release_date": "2022-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite \u003c 6.11.4",
"product": {
"name": "Red Hat Satellite \u003c 6.11.4",
"product_id": "T025150",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11.4"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Satellite. Der Fehler besteht in der Komponente ruby-rack. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er mehrteilige POST-Anfragen erstellt, um einen Denial-of-Service-Zustand auszul\u00f6sen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646"
]
},
"release_date": "2022-10-30T23:00:00.000+00:00",
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-31163",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Satellite. Der Fehler besteht in der Komponente rubygem-tzinfo aufgrund eines Fehlers bei der Verwendung der Funktion Timezone.get. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646"
]
},
"release_date": "2022-10-30T23:00:00.000+00:00",
"title": "CVE-2022-31163"
}
]
}
WID-SEC-W-2022-0262
Vulnerability from csaf_certbund - Published: 2022-06-09 22:00 - Updated: 2025-05-18 22:00Summary
Ruby: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Ruby ist eine interpretierte, objektorientierte Skriptsprache.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby ausnutzen, um einen Denial of Service Angriff durchzuführen, einen Cross-Site-Scripting-Angriff durchzuführen oder beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Ruby ist eine interpretierte, objektorientierte Skriptsprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0262 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0262.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0262 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0262"
},
{
"category": "external",
"summary": "Ruby on Rails Release Notes vom 2022-06-09",
"url": "https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2192-1 vom 2022-06-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011366.html"
},
{
"category": "external",
"summary": "PoC vom 2022-07-07",
"url": "https://hackerone.com/reports/1530898"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2526-1 vom 2022-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011630.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2870-1 vom 2022-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011964.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2885-1 vom 2022-08-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011985.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3095 vom 2022-09-04",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00004.html"
},
{
"category": "external",
"summary": "HCL Article KB0100982 vom 2022-10-12",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100982"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7343 vom 2022-11-02",
"url": "https://access.redhat.com/errata/RHSA-2022:7343"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7343 vom 2022-11-03",
"url": "https://linux.oracle.com/errata/ELSA-2022-7343.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8506 vom 2022-11-16",
"url": "https://access.redhat.com/errata/RHSA-2022:8506"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3227 vom 2022-12-06",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1895 vom 2022-12-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1895.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0632 vom 2023-02-15",
"url": "https://access.redhat.com/errata/RHSA-2023:0632"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5896-1 vom 2023-02-27",
"url": "https://ubuntu.com/security/notices/USN-5896-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3566 vom 2023-09-13",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5530 vom 2023-10-22",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00226.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202310-18 vom 2023-10-30",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023103029"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7036-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7036-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3902 vom 2024-09-28",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14811-1 vom 2025-02-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FLQ74D2IZAJC5KD6QXVUZAQ6O5LNAWZX/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15125-1 vom 2025-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4QQONV4QKIWHRILZMO26H7FGDPO7KJAF/"
}
],
"source_lang": "en-US",
"title": "Ruby: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-18T22:00:00.000+00:00",
"generator": {
"date": "2025-05-19T08:27:31.797+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0262",
"initial_release_date": "2022-06-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-06-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-06-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-07-06T22:00:00.000+00:00",
"number": "3",
"summary": "PoC f\u00fcr Schwachstelle CVE-2022-32209 hinzugef\u00fcgt"
},
{
"date": "2022-07-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-09-04T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-11-02T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian und Amazon aufgenommen"
},
{
"date": "2023-02-15T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-03-27T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-13T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-22T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.10.0",
"product": {
"name": "HCL BigFix \u003c10.0.10.0",
"product_id": "T024886"
}
},
{
"category": "product_version",
"name": "10.0.10.0",
"product": {
"name": "HCL BigFix 10.0.10.0",
"product_id": "T024886-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:10.0.10.0"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv1.4.3",
"product": {
"name": "Open Source Ruby \u003cv1.4.3",
"product_id": "T023449"
}
},
{
"category": "product_version",
"name": "v1.4.3",
"product": {
"name": "Open Source Ruby v1.4.3",
"product_id": "T023449-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ruby-lang:ruby:v1.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.0.9.1",
"product": {
"name": "Open Source Ruby \u003c2.0.9.1",
"product_id": "T023450"
}
},
{
"category": "product_version",
"name": "2.0.9.1",
"product": {
"name": "Open Source Ruby 2.0.9.1",
"product_id": "T023450-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ruby-lang:ruby:2.0.9.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.1.4.1",
"product": {
"name": "Open Source Ruby \u003c2.1.4.1",
"product_id": "T023451"
}
},
{
"category": "product_version",
"name": "2.1.4.1",
"product": {
"name": "Open Source Ruby 2.1.4.1",
"product_id": "T023451-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ruby-lang:ruby:2.1.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.2.3.1",
"product": {
"name": "Open Source Ruby \u003c2.2.3.1",
"product_id": "T023452"
}
},
{
"category": "product_version",
"name": "2.2.3.1",
"product": {
"name": "Open Source Ruby 2.2.3.1",
"product_id": "T023452-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ruby-lang:ruby:2.2.3.1"
}
}
}
],
"category": "product_name",
"name": "Ruby"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T024886",
"T000126",
"T027843",
"T023452",
"398363",
"T012167",
"T004914",
"T023450",
"T023451"
]
},
"release_date": "2022-06-09T22:00:00.000+00:00",
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T024886",
"T000126",
"T027843",
"T023452",
"398363",
"T012167",
"T004914",
"T023450",
"T023451"
]
},
"release_date": "2022-06-09T22:00:00.000+00:00",
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-32209",
"product_status": {
"known_affected": [
"T023449",
"2951",
"T002207",
"67646",
"T024886",
"T000126",
"T027843",
"398363",
"T012167",
"T004914"
]
},
"release_date": "2022-06-09T22:00:00.000+00:00",
"title": "CVE-2022-32209"
}
]
}
OPENSUSE-SU-2024:12974-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.2-rubygem-rack-2.2-2.2.7-1.1 on GA media
Notes
Title of the patch
ruby3.2-rubygem-rack-2.2-2.2.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.2-rubygem-rack-2.2-2.2.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12974
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.2-rubygem-rack-2.2-2.2.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12974",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12974-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
}
],
"title": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12974-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"product": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"product_id": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"product": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"product_id": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"product": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"product_id": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64",
"product": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64",
"product_id": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64"
},
"product_reference": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le"
},
"product_reference": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x"
},
"product_reference": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
},
"product_reference": "ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
}
]
}
OPENSUSE-SU-2024:12397-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-rack-2.2-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12397
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-rack-2.2-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12397",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12397-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12397-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"product_id": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
OPENSUSE-SU-2024:12119-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-rack-2.2.3.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12119
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-rack-2.2.3.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12119",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12119-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "ruby3.1-rubygem-rack-2.2.3.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12119-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"product_id": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
OPENSUSE-SU-2024:13167-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.2-rubygem-rack-3.0.7-1.2 on GA media
Notes
Title of the patch
ruby3.2-rubygem-rack-3.0.7-1.2 on GA media
Description of the patch
These are all security issues fixed in the ruby3.2-rubygem-rack-3.0.7-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13167
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.2-rubygem-rack-3.0.7-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.2-rubygem-rack-3.0.7-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13167",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13167-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
}
],
"title": "ruby3.2-rubygem-rack-3.0.7-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13167-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"product": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"product_id": "ruby3.2-rubygem-rack-3.0.7-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"product": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"product_id": "ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"product": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"product_id": "ruby3.2-rubygem-rack-3.0.7-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.x86_64",
"product": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.x86_64",
"product_id": "ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64"
},
"product_reference": "ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le"
},
"product_reference": "ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x"
},
"product_reference": "ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rack-3.0.7-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
},
"product_reference": "ruby3.2-rubygem-rack-3.0.7-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
}
]
}
OPENSUSE-SU-2024:13726-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.3-rubygem-rack-3.0.9.1-1.1 on GA media
Notes
Title of the patch
ruby3.3-rubygem-rack-3.0.9.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.3-rubygem-rack-3.0.9.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13726
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.3-rubygem-rack-3.0.9.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.3-rubygem-rack-3.0.9.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13726",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13726-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26146/"
}
],
"title": "ruby3.3-rubygem-rack-3.0.9.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13726-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"product": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"product_id": "ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"product": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"product_id": "ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"product": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"product_id": "ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64",
"product": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64",
"product_id": "ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64"
},
"product_reference": "ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le"
},
"product_reference": "ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x"
},
"product_reference": "ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
},
"product_reference": "ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
},
{
"cve": "CVE-2023-27530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27530"
}
],
"notes": [
{
"category": "general",
"text": "A DoS vulnerability exists in Rack \u003cv3.0.4.2, \u003cv2.2.6.3, \u003cv2.1.4.3 and \u003cv2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27530",
"url": "https://www.suse.com/security/cve/CVE-2023-27530"
},
{
"category": "external",
"summary": "SUSE Bug 1209095 for CVE-2023-27530",
"url": "https://bugzilla.suse.com/1209095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-27530"
},
{
"cve": "CVE-2023-27539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27539"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the header parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27539",
"url": "https://www.suse.com/security/cve/CVE-2023-27539"
},
{
"category": "external",
"summary": "SUSE Bug 1209503 for CVE-2023-27539",
"url": "https://bugzilla.suse.com/1209503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27539"
},
{
"cve": "CVE-2024-25126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25126"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u0027s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25126",
"url": "https://www.suse.com/security/cve/CVE-2024-25126"
},
{
"category": "external",
"summary": "SUSE Bug 1220239 for CVE-2024-25126",
"url": "https://bugzilla.suse.com/1220239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-25126"
},
{
"cve": "CVE-2024-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26141"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26141",
"url": "https://www.suse.com/security/cve/CVE-2024-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1220242 for CVE-2024-26141",
"url": "https://bugzilla.suse.com/1220242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-26146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26146"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26146",
"url": "https://www.suse.com/security/cve/CVE-2024-26146"
},
{
"category": "external",
"summary": "SUSE Bug 1220248 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1220248"
},
{
"category": "external",
"summary": "SUSE Bug 1227310 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1227310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-26146"
}
]
}
OPENSUSE-SU-2025:14811-1
Vulnerability from csaf_opensuse - Published: 2025-02-14 00:00 - Updated: 2025-02-14 00:00Summary
ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media
Notes
Title of the patch
ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.11-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.11-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14811-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14811-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FLQ74D2IZAJC5KD6QXVUZAQ6O5LNAWZX/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14811-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FLQ74D2IZAJC5KD6QXVUZAQ6O5LNAWZX/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25184/"
}
],
"title": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-14T00:00:00Z",
"generator": {
"date": "2025-02-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14811-1",
"initial_release_date": "2025-02-14T00:00:00Z",
"revision_history": [
{
"date": "2025-02-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"product": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"product_id": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"product": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"product_id": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"product": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"product_id": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64",
"product": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64",
"product_id": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64"
},
"product_reference": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le"
},
"product_reference": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x"
},
"product_reference": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
},
"product_reference": "ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
},
{
"cve": "CVE-2023-27530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27530"
}
],
"notes": [
{
"category": "general",
"text": "A DoS vulnerability exists in Rack \u003cv3.0.4.2, \u003cv2.2.6.3, \u003cv2.1.4.3 and \u003cv2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27530",
"url": "https://www.suse.com/security/cve/CVE-2023-27530"
},
{
"category": "external",
"summary": "SUSE Bug 1209095 for CVE-2023-27530",
"url": "https://bugzilla.suse.com/1209095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-27530"
},
{
"cve": "CVE-2023-27539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27539"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the header parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27539",
"url": "https://www.suse.com/security/cve/CVE-2023-27539"
},
{
"category": "external",
"summary": "SUSE Bug 1209503 for CVE-2023-27539",
"url": "https://bugzilla.suse.com/1209503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27539"
},
{
"cve": "CVE-2024-25126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25126"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u0027s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25126",
"url": "https://www.suse.com/security/cve/CVE-2024-25126"
},
{
"category": "external",
"summary": "SUSE Bug 1220239 for CVE-2024-25126",
"url": "https://bugzilla.suse.com/1220239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-25126"
},
{
"cve": "CVE-2024-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26141"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26141",
"url": "https://www.suse.com/security/cve/CVE-2024-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1220242 for CVE-2024-26141",
"url": "https://bugzilla.suse.com/1220242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-26146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26146"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26146",
"url": "https://www.suse.com/security/cve/CVE-2024-26146"
},
{
"category": "external",
"summary": "SUSE Bug 1220248 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1220248"
},
{
"category": "external",
"summary": "SUSE Bug 1227310 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1227310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-26146"
},
{
"cve": "CVE-2025-25184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25184"
}
],
"notes": [
{
"category": "general",
"text": "Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env[\u0027REMOTE_USER\u0027] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25184",
"url": "https://www.suse.com/security/cve/CVE-2025-25184"
},
{
"category": "external",
"summary": "SUSE Bug 1237141 for CVE-2025-25184",
"url": "https://bugzilla.suse.com/1237141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25184"
}
]
}
OPENSUSE-SU-2025:14875-1
Vulnerability from csaf_opensuse - Published: 2025-03-11 00:00 - Updated: 2025-03-11 00:00Summary
ruby3.4-rubygem-rack-3.1.12-1.1 on GA media
Notes
Title of the patch
ruby3.4-rubygem-rack-3.1.12-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.4-rubygem-rack-3.1.12-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14875
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.4-rubygem-rack-3.1.12-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.4-rubygem-rack-3.1.12-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14875",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14875-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14875-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MOZFATD6SCQREBY3SZW5KQJPN6KN7A6D/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14875-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MOZFATD6SCQREBY3SZW5KQJPN6KN7A6D/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27111 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27111/"
}
],
"title": "ruby3.4-rubygem-rack-3.1.12-1.1 on GA media",
"tracking": {
"current_release_date": "2025-03-11T00:00:00Z",
"generator": {
"date": "2025-03-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14875-1",
"initial_release_date": "2025-03-11T00:00:00Z",
"revision_history": [
{
"date": "2025-03-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"product": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"product_id": "ruby3.4-rubygem-rack-3.1.12-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"product": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"product_id": "ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"product": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"product_id": "ruby3.4-rubygem-rack-3.1.12-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.x86_64",
"product": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.x86_64",
"product_id": "ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64"
},
"product_reference": "ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le"
},
"product_reference": "ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x"
},
"product_reference": "ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.4-rubygem-rack-3.1.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
},
"product_reference": "ruby3.4-rubygem-rack-3.1.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
},
{
"cve": "CVE-2023-27530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27530"
}
],
"notes": [
{
"category": "general",
"text": "A DoS vulnerability exists in Rack \u003cv3.0.4.2, \u003cv2.2.6.3, \u003cv2.1.4.3 and \u003cv2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27530",
"url": "https://www.suse.com/security/cve/CVE-2023-27530"
},
{
"category": "external",
"summary": "SUSE Bug 1209095 for CVE-2023-27530",
"url": "https://bugzilla.suse.com/1209095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-27530"
},
{
"cve": "CVE-2023-27539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27539"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the header parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27539",
"url": "https://www.suse.com/security/cve/CVE-2023-27539"
},
{
"category": "external",
"summary": "SUSE Bug 1209503 for CVE-2023-27539",
"url": "https://bugzilla.suse.com/1209503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27539"
},
{
"cve": "CVE-2024-25126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25126"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u0027s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25126",
"url": "https://www.suse.com/security/cve/CVE-2024-25126"
},
{
"category": "external",
"summary": "SUSE Bug 1220239 for CVE-2024-25126",
"url": "https://bugzilla.suse.com/1220239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-25126"
},
{
"cve": "CVE-2024-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26141"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26141",
"url": "https://www.suse.com/security/cve/CVE-2024-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1220242 for CVE-2024-26141",
"url": "https://bugzilla.suse.com/1220242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-26146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26146"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26146",
"url": "https://www.suse.com/security/cve/CVE-2024-26146"
},
{
"category": "external",
"summary": "SUSE Bug 1220248 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1220248"
},
{
"category": "external",
"summary": "SUSE Bug 1227310 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1227310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-26146"
},
{
"cve": "CVE-2025-25184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25184"
}
],
"notes": [
{
"category": "general",
"text": "Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. When a user provides the authorization credentials via Rack::Auth::Basic, if success, the username will be put in env[\u0027REMOTE_USER\u0027] and later be used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile. Attackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files. Versions 2.2.11, 3.0.12, and 3.1.10 contain a fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25184",
"url": "https://www.suse.com/security/cve/CVE-2025-25184"
},
{
"category": "external",
"summary": "SUSE Bug 1237141 for CVE-2025-25184",
"url": "https://bugzilla.suse.com/1237141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25184"
},
{
"cve": "CVE-2025-27111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27111"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27111",
"url": "https://www.suse.com/security/cve/CVE-2025-27111"
},
{
"category": "external",
"summary": "SUSE Bug 1238607 for CVE-2025-27111",
"url": "https://bugzilla.suse.com/1238607"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-27111"
}
]
}
OPENSUSE-SU-2024:13727-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 on GA media
Notes
Title of the patch
ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13727
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13727",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13727-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0262 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0263 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16782 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8184 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44570 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44572 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-27539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-27539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26146 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26146/"
}
],
"title": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13727-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"product": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"product_id": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"product": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"product_id": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"product": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"product_id": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64",
"product": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64",
"product_id": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64"
},
"product_reference": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le"
},
"product_reference": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x"
},
"product_reference": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
},
"product_reference": "ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0262"
}
],
"notes": [
{
"category": "general",
"text": "rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0262",
"url": "https://www.suse.com/security/cve/CVE-2013-0262"
},
{
"category": "external",
"summary": "SUSE Bug 802795 for CVE-2013-0262",
"url": "https://bugzilla.suse.com/802795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0262"
},
{
"cve": "CVE-2013-0263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0263"
}
],
"notes": [
{
"category": "general",
"text": "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0263",
"url": "https://www.suse.com/security/cve/CVE-2013-0263"
},
{
"category": "external",
"summary": "SUSE Bug 802794 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/802794"
},
{
"category": "external",
"summary": "SUSE Bug 809839 for CVE-2013-0263",
"url": "https://bugzilla.suse.com/809839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-0263"
},
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
},
{
"cve": "CVE-2018-16471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16471"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to \u0027http\u0027 or \u0027https\u0027 and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16471",
"url": "https://www.suse.com/security/cve/CVE-2018-16471"
},
{
"category": "external",
"summary": "SUSE Bug 1114828 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1114828"
},
{
"category": "external",
"summary": "SUSE Bug 1116600 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1116600"
},
{
"category": "external",
"summary": "SUSE Bug 1122178 for CVE-2018-16471",
"url": "https://bugzilla.suse.com/1122178"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16471"
},
{
"cve": "CVE-2019-16782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16782"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16782",
"url": "https://www.suse.com/security/cve/CVE-2019-16782"
},
{
"category": "external",
"summary": "SUSE Bug 1159548 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1159548"
},
{
"category": "external",
"summary": "SUSE Bug 1183174 for CVE-2019-16782",
"url": "https://bugzilla.suse.com/1183174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16782"
},
{
"cve": "CVE-2020-8184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8184"
}
],
"notes": [
{
"category": "general",
"text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8184",
"url": "https://www.suse.com/security/cve/CVE-2020-8184"
},
{
"category": "external",
"summary": "SUSE Bug 1173351 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1173351"
},
{
"category": "external",
"summary": "SUSE Bug 1177352 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1177352"
},
{
"category": "external",
"summary": "SUSE Bug 1193081 for CVE-2020-8184",
"url": "https://bugzilla.suse.com/1193081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8184"
},
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
},
{
"cve": "CVE-2022-44570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44570"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the Range header parsing component of Rack \u003e= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44570",
"url": "https://www.suse.com/security/cve/CVE-2022-44570"
},
{
"category": "external",
"summary": "SUSE Bug 1207597 for CVE-2022-44570",
"url": "https://bugzilla.suse.com/1207597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44570"
},
{
"cve": "CVE-2022-44571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44571"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44571",
"url": "https://www.suse.com/security/cve/CVE-2022-44571"
},
{
"category": "external",
"summary": "SUSE Bug 1207599 for CVE-2022-44571",
"url": "https://bugzilla.suse.com/1207599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44571"
},
{
"cve": "CVE-2022-44572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44572"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44572",
"url": "https://www.suse.com/security/cve/CVE-2022-44572"
},
{
"category": "external",
"summary": "SUSE Bug 1207596 for CVE-2022-44572",
"url": "https://bugzilla.suse.com/1207596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44572"
},
{
"cve": "CVE-2023-27530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27530"
}
],
"notes": [
{
"category": "general",
"text": "A DoS vulnerability exists in Rack \u003cv3.0.4.2, \u003cv2.2.6.3, \u003cv2.1.4.3 and \u003cv2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27530",
"url": "https://www.suse.com/security/cve/CVE-2023-27530"
},
{
"category": "external",
"summary": "SUSE Bug 1209095 for CVE-2023-27530",
"url": "https://bugzilla.suse.com/1209095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-27530"
},
{
"cve": "CVE-2023-27539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-27539"
}
],
"notes": [
{
"category": "general",
"text": "There is a denial of service vulnerability in the header parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-27539",
"url": "https://www.suse.com/security/cve/CVE-2023-27539"
},
{
"category": "external",
"summary": "SUSE Bug 1209503 for CVE-2023-27539",
"url": "https://bugzilla.suse.com/1209503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-27539"
},
{
"cve": "CVE-2024-25126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25126"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u0027s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25126",
"url": "https://www.suse.com/security/cve/CVE-2024-25126"
},
{
"category": "external",
"summary": "SUSE Bug 1220239 for CVE-2024-25126",
"url": "https://bugzilla.suse.com/1220239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-25126"
},
{
"cve": "CVE-2024-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26141"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26141",
"url": "https://www.suse.com/security/cve/CVE-2024-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1220242 for CVE-2024-26141",
"url": "https://bugzilla.suse.com/1220242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-26146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26146"
}
],
"notes": [
{
"category": "general",
"text": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26146",
"url": "https://www.suse.com/security/cve/CVE-2024-26146"
},
{
"category": "external",
"summary": "SUSE Bug 1220248 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1220248"
},
{
"category": "external",
"summary": "SUSE Bug 1227310 for CVE-2024-26146",
"url": "https://bugzilla.suse.com/1227310"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-26146"
}
]
}
GSD-2022-30122
Vulnerability from gsd - Updated: 2022-06-27 00:00Details
There is a possible denial of service vulnerability in the multipart parsing
component of Rack. This vulnerability has been assigned the CVE identifier
CVE-2022-30122.
Versions Affected: >= 1.2
Not affected: < 1.2
Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1
## Impact
Carefully crafted multipart POST requests can cause Rack's multipart parser to
take much longer than expected, leading to a possible denial of service
vulnerability.
Impacted code will use Rack's multipart parser to parse multipart posts. This
includes directly using the multipart parser like this:
```
params = Rack::Multipart.parse_multipart(env)
```
But it also includes reading POST data from a Rack request object like this:
```
p request.POST # read POST data
p request.params # reads both query params and POST data
```
All users running an affected release should either upgrade or use one of the
workarounds immediately.
## Workarounds
There are no feasible workarounds for this issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-30122",
"id": "GSD-2022-30122",
"references": [
"https://www.suse.com/security/cve/CVE-2022-30122.html",
"https://advisories.mageia.org/CVE-2022-30122.html",
"https://access.redhat.com/errata/RHSA-2022:7242",
"https://ubuntu.com/security/CVE-2022-30122"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack",
"purl": "pkg:gem/rack"
}
}
],
"aliases": [
"CVE-2022-30122",
"GHSA-hxqx-xwvh-44m2"
],
"details": "There is a possible denial of service vulnerability in the multipart parsing\ncomponent of Rack. This vulnerability has been assigned the CVE identifier\nCVE-2022-30122.\n\nVersions Affected: \u003e= 1.2\nNot affected: \u003c 1.2\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack\u0027s multipart parser to\ntake much longer than expected, leading to a possible denial of service\nvulnerability.\n\nImpacted code will use Rack\u0027s multipart parser to parse multipart posts. This\nincludes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n",
"id": "GSD-2022-30122",
"modified": "2022-06-27T00:00:00.000Z",
"published": "2022-06-27T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V3"
}
],
"summary": "Denial of Service Vulnerability in Rack Multipart Parsing"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-30122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rack/rack",
"version": {
"version_data": [
{
"version_value": "2.0.9.1, 2.1.4.1, 2.2.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729",
"refsource": "MISC",
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"name": "DSA-5530",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5530"
},
{
"name": "GLSA-202310-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231208-0012/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-30122",
"cvss_v3": 7.5,
"date": "2022-06-27",
"description": "There is a possible denial of service vulnerability in the multipart parsing\ncomponent of Rack. This vulnerability has been assigned the CVE identifier\nCVE-2022-30122.\n\nVersions Affected: \u003e= 1.2\nNot affected: \u003c 1.2\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack\u0027s multipart parser to\ntake much longer than expected, leading to a possible denial of service\nvulnerability.\n\nImpacted code will use Rack\u0027s multipart parser to parse multipart posts. This\nincludes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n",
"gem": "rack",
"ghsa": "hxqx-xwvh-44m2",
"patched_versions": [
"~\u003e 2.0.9, \u003e= 2.0.9.1",
"~\u003e 2.1.4, \u003e= 2.1.4.1",
"\u003e= 2.2.3.1"
],
"title": "Denial of Service Vulnerability in Rack Multipart Parsing",
"unaffected_versions": [
"\u003c 1.2"
],
"url": "https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.2 \u003c2.0.9.1||\u003e=2.1.0 \u003c2.1.4.1||\u003e=2.2.0 \u003c2.2.3.1",
"affected_versions": "All versions starting from 1.2 before 2.0.9.1, all versions starting from 2.1.0 before 2.1.4.1, all versions starting from 2.2.0 before 2.2.3.1",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-07-21",
"description": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"fixed_versions": [
"2.0.9.1",
"2.1.4.1",
"2.2.3.1"
],
"identifier": "CVE-2022-30122",
"identifiers": [
"CVE-2022-30122",
"GHSA-hxqx-xwvh-44m2",
"GMS-2022-1643"
],
"not_impacted": "All versions before 1.2, all versions starting from 2.0.9.1 before 2.1.0, all versions starting from 2.1.4.1 before 2.2.0, all versions starting from 2.2.3.1",
"package_slug": "gem/rack",
"pubdate": "2022-12-05",
"solution": "Upgrade to versions 2.0.9.1, 2.1.4.1, 2.2.3.1 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk",
"https://github.com/advisories/GHSA-hxqx-xwvh-44m2"
],
"uuid": "45e4da61-8808-4db2-9bf6-bcdc8c6c1bcd"
},
{
"affected_range": "\u003c0",
"affected_versions": "All versions starting from 1.2 up to 2.0.9.0, all versions starting from 2.1 up to 2.1.4.0, all versions starting from 2.2 up to 2.2.3.0",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-05-27",
"description": "Carefully crafted multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack\u0027s multipart parser to parse multipart posts.",
"fixed_versions": [
"2.0.9.1",
"2.1.4.1",
"2.2.3.1"
],
"identifier": "GMS-2022-1643",
"identifiers": [
"GHSA-hxqx-xwvh-44m2",
"GMS-2022-1643",
"CVE-2022-30122"
],
"not_impacted": "All versions before 1.2, all versions after 2.0.9.0 before 2.1, all versions after 2.1.4.0 before 2.2, all versions after 2.2.3.0",
"package_slug": "gem/rack",
"pubdate": "2022-05-27",
"solution": "Upgrade to versions 2.0.9.1, 2.1.4.1, 2.2.3.1 or above.",
"title": "Duplicate of ./gem/rack/CVE-2022-30122.yml",
"urls": [
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk",
"https://github.com/advisories/GHSA-hxqx-xwvh-44m2"
],
"uuid": "20daa17a-47b5-4f79-80c2-cd8f2db9805c"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442EB5AF-A390-4A62-8B4E-8A2C082864D3",
"versionEndExcluding": "2.0.9.1",
"versionStartIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E774AF-E7BB-45EB-B5E4-66F8F5D36285",
"versionEndExcluding": "2.1.4.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6145EE1D-85D5-4744-BA51-88EC52FF2891",
"versionEndExcluding": "2.2.3.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack."
},
{
"lang": "es",
"value": "Existe una posible vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en Rack \u0026lt;2.0.9.1, \u0026lt;2.1.4.1 y \u0026lt;2.2.3.1 en el componente de an\u00e1lisis multiparte de Rack."
}
],
"id": "CVE-2022-30122",
"lastModified": "2023-12-20T03:02:05.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T22:15:10.227",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5530"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
}
]
}
}
}
}
CERTFR-2022-AVI-506
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Ruby on Rails . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 2.1.x antérieures à 2.1.4.1 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions antérieures à 2.0.9.1 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 2.2.x antérieures à 2.2.3.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby on Rails versions 2.1.x ant\u00e9rieures \u00e0 2.1.4.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions ant\u00e9rieures \u00e0 2.0.9.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 2.2.x ant\u00e9rieures \u00e0 2.2.3.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"name": "CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails .\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30123 du 27 mai 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/PqEYO9ARpq0"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30122 du 27 mai 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/J4PJo_cB-4c"
}
]
}
CERTFR-2022-AVI-506
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Ruby on Rails . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 2.1.x antérieures à 2.1.4.1 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions antérieures à 2.0.9.1 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 2.2.x antérieures à 2.2.3.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby on Rails versions 2.1.x ant\u00e9rieures \u00e0 2.1.4.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions ant\u00e9rieures \u00e0 2.0.9.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 2.2.x ant\u00e9rieures \u00e0 2.2.3.1",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"name": "CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails .\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30123 du 27 mai 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/PqEYO9ARpq0"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30122 du 27 mai 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/J4PJo_cB-4c"
}
]
}
RHSA-2023:1486
Vulnerability from csaf_redhat - Published: 2023-03-28 00:18 - Updated: 2025-12-05 06:19Summary
Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update
Notes
Topic
An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)
* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)
* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1486",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update",
"tracking": {
"current_release_date": "2025-12-05T06:19:37+00:00",
"generator": {
"date": "2025-12-05T06:19:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2023:1486",
"initial_release_date": "2023-03-28T00:18:32+00:00",
"revision_history": [
{
"date": "2023-03-28T00:18:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-28T00:18:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T06:19:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.5:wa:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product_id": "grafana-0:5.2.4-6.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product": {
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product_id": "python-django-0:1.11.27-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product_id": "ruby-0:2.4.9-94.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src"
},
"product_reference": "python-django-0:1.11.27-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch"
},
"product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch"
},
"product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
},
"product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch"
},
"product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2071616"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "puma-5.6.4: http request smuggling vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "RHBZ#2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
}
],
"release_date": "2022-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "puma-5.6.4: http request smuggling vulnerabilities"
},
{
"cve": "CVE-2022-30122",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099519"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted multipart POST request may cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "RHBZ#2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: crafted multipart POST request may cause a DoS"
},
{
"cve": "CVE-2022-30123",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099524"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted requests can cause shell escape sequences",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "RHBZ#2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr",
"url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: crafted requests can cause shell escape sequences"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-31163",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2022-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2110551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-tzinfo: arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31163"
},
{
"category": "external",
"summary": "RHBZ#2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
},
{
"category": "external",
"summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
"url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
}
],
"release_date": "2022-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "workaround",
"details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-tzinfo: arbitrary code execution"
}
]
}
RHSA-2022_7242
Vulnerability from csaf_redhat - Published: 2022-10-27 13:04 - Updated: 2024-11-22 20:42Summary
Red Hat Security Advisory: Satellite 6.11.4 Async Security Update
Notes
Topic
Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.
Details
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
This update fixes the following bugs:
2131757 - Enhance foreman-rake katello:correct_repositories to handle Katello::Errors::CandlepinError: Unable to find content with the ID "xxxxxxxxxxx".
2131759 - RHEL 9 provisioned host goes into emergency mode after initial reboot
2131761 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error
2131763 - Running "satellite-maintain self-upgrade" on a Satellite\Capsule 6.11.1.1 fails with error "Error: 'satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms' does not match a valid repository ID"
2131769 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address
2131771 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12
2131773 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository
2131776 - please update to Satellite Ansible Collection 3.6.0
2131781 - 'candlepin-validate-db' pre-upgrade check fails with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup with SSL
2131788 - Documentation bug for the compute_resource module
2131790 - [BUG] Invalid choice for template_kind listed for os_default_template module
2132075 - CVE-2022-31163 tfm-rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]
2132076 - CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]
2132079 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS [rhn_satellite_6-default]
2122205 - Package "python3-pulp_manifest" is not available in Satellite Utils repository
2132999 - Satellite cannot be installed on RHEL 8.7
CVEs
CVE-2022-30122
CVE-2022-31163
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nThis update fixes the following bugs:\n\n2131757 - Enhance foreman-rake katello:correct_repositories to handle Katello::Errors::CandlepinError: Unable to find content with the ID \"xxxxxxxxxxx\".\n2131759 - RHEL 9 provisioned host goes into emergency mode after initial reboot\n2131761 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error\n2131763 - Running \"satellite-maintain self-upgrade\" on a Satellite\\Capsule 6.11.1.1 fails with error \"Error: \u0027satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms\u0027 does not match a valid repository ID\"\n2131769 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address\n2131771 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12\n2131773 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository\n2131776 - please update to Satellite Ansible Collection 3.6.0\n2131781 - \u0027candlepin-validate-db\u0027 pre-upgrade check fails with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup with SSL\n2131788 - Documentation bug for the compute_resource module\n2131790 - [BUG] Invalid choice for template_kind listed for os_default_template module\n2132075 - CVE-2022-31163 tfm-rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]\n2132076 - CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]\n2132079 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS [rhn_satellite_6-default] \n2122205 - Package \"python3-pulp_manifest\" is not available in Satellite Utils repository \n2132999 - Satellite cannot be installed on RHEL 8.7 \n\nCVEs\n\nCVE-2022-30122\nCVE-2022-31163\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7242",
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "2122205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122205"
},
{
"category": "external",
"summary": "2131757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131757"
},
{
"category": "external",
"summary": "2131759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131759"
},
{
"category": "external",
"summary": "2131761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131761"
},
{
"category": "external",
"summary": "2131763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131763"
},
{
"category": "external",
"summary": "2131769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131769"
},
{
"category": "external",
"summary": "2131771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131771"
},
{
"category": "external",
"summary": "2131773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131773"
},
{
"category": "external",
"summary": "2131776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131776"
},
{
"category": "external",
"summary": "2131781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131781"
},
{
"category": "external",
"summary": "2131788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131788"
},
{
"category": "external",
"summary": "2131790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131790"
},
{
"category": "external",
"summary": "2132999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132999"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7242.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.11.4 Async Security Update",
"tracking": {
"current_release_date": "2024-11-22T20:42:05+00:00",
"generator": {
"date": "2024-11-22T20:42:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:7242",
"initial_release_date": "2022-10-27T13:04:08+00:00",
"revision_history": [
{
"date": "2022-10-27T13:04:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-27T13:04:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T20:42:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el7sat.src",
"product": {
"name": "foreman-0:3.1.1.25-1.el7sat.src",
"product_id": "foreman-0:3.1.1.25-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product_id": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el7sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el7sat.src",
"product": {
"name": "satellite-0:6.11.4-2.el7sat.src",
"product_id": "satellite-0:6.11.4-2.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product_id": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_webhooks@2.0.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product_id": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rack@2.2.3.1-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product_id": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-tzinfo@1.2.10-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product_id": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@4.3.0.50-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product_id": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-smart_proxy_ansible@3.3.1-4.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el8sat.src",
"product": {
"name": "foreman-0:3.1.1.25-1.el8sat.src",
"product_id": "foreman-0:3.1.1.25-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product_id": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product_id": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@2.0.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product_id": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.3.0.50-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product_id": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.3.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el8sat.src",
"product": {
"name": "satellite-0:6.11.4-2.el8sat.src",
"product_id": "satellite-0:6.11.4-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product_id": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.3.1-4.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product_id": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product_id": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy-journald@3.1.1.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el7sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product_id": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_webhooks@2.0.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product_id": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rack@2.2.3.1-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product_id": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-tzinfo@1.2.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product_id": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@4.3.0.50-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product_id": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-smart_proxy_ansible@3.3.1-4.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product_id": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product_id": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy-journald@3.1.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product_id": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@2.0.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.3.0.50-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product_id": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.3.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product_id": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.3.1-4.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src"
},
"product_reference": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src"
},
"product_reference": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src"
},
"product_reference": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src"
},
"product_reference": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099519"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted multipart POST request may cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "RHBZ#2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-27T13:04:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: crafted multipart POST request may cause a DoS"
},
{
"cve": "CVE-2022-31163",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2022-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2110551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-tzinfo: arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31163"
},
{
"category": "external",
"summary": "RHBZ#2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
},
{
"category": "external",
"summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
"url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
}
],
"release_date": "2022-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-27T13:04:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
},
{
"category": "workaround",
"details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-tzinfo: arbitrary code execution"
}
]
}
RHSA-2023_1486
Vulnerability from csaf_redhat - Published: 2023-03-28 00:18 - Updated: 2024-12-18 00:38Summary
Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update
Notes
Topic
An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)
* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)
* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1486",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update",
"tracking": {
"current_release_date": "2024-12-18T00:38:44+00:00",
"generator": {
"date": "2024-12-18T00:38:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:1486",
"initial_release_date": "2023-03-28T00:18:32+00:00",
"revision_history": [
{
"date": "2023-03-28T00:18:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-28T00:18:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T00:38:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.5:wa:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product_id": "grafana-0:5.2.4-6.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product": {
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product_id": "python-django-0:1.11.27-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product_id": "ruby-0:2.4.9-94.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src"
},
"product_reference": "python-django-0:1.11.27-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch"
},
"product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch"
},
"product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
},
"product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch"
},
"product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2071616"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "puma-5.6.4: http request smuggling vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "RHBZ#2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
}
],
"release_date": "2022-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "puma-5.6.4: http request smuggling vulnerabilities"
},
{
"cve": "CVE-2022-30122",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099519"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted multipart POST request may cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "RHBZ#2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: crafted multipart POST request may cause a DoS"
},
{
"cve": "CVE-2022-30123",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099524"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted requests can cause shell escape sequences",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "RHBZ#2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr",
"url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: crafted requests can cause shell escape sequences"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-31163",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2022-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2110551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-tzinfo: arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31163"
},
{
"category": "external",
"summary": "RHBZ#2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
},
{
"category": "external",
"summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
"url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
}
],
"release_date": "2022-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "workaround",
"details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-tzinfo: arbitrary code execution"
}
]
}
RHSA-2022:7242
Vulnerability from csaf_redhat - Published: 2022-10-27 13:04 - Updated: 2025-11-21 18:34Summary
Red Hat Security Advisory: Satellite 6.11.4 Async Security Update
Notes
Topic
Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.
Details
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
This update fixes the following bugs:
2131757 - Enhance foreman-rake katello:correct_repositories to handle Katello::Errors::CandlepinError: Unable to find content with the ID "xxxxxxxxxxx".
2131759 - RHEL 9 provisioned host goes into emergency mode after initial reboot
2131761 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error
2131763 - Running "satellite-maintain self-upgrade" on a Satellite\Capsule 6.11.1.1 fails with error "Error: 'satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms' does not match a valid repository ID"
2131769 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address
2131771 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12
2131773 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository
2131776 - please update to Satellite Ansible Collection 3.6.0
2131781 - 'candlepin-validate-db' pre-upgrade check fails with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup with SSL
2131788 - Documentation bug for the compute_resource module
2131790 - [BUG] Invalid choice for template_kind listed for os_default_template module
2132075 - CVE-2022-31163 tfm-rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]
2132076 - CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]
2132079 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS [rhn_satellite_6-default]
2122205 - Package "python3-pulp_manifest" is not available in Satellite Utils repository
2132999 - Satellite cannot be installed on RHEL 8.7
CVEs
CVE-2022-30122
CVE-2022-31163
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nThis update fixes the following bugs:\n\n2131757 - Enhance foreman-rake katello:correct_repositories to handle Katello::Errors::CandlepinError: Unable to find content with the ID \"xxxxxxxxxxx\".\n2131759 - RHEL 9 provisioned host goes into emergency mode after initial reboot\n2131761 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error\n2131763 - Running \"satellite-maintain self-upgrade\" on a Satellite\\Capsule 6.11.1.1 fails with error \"Error: \u0027satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms\u0027 does not match a valid repository ID\"\n2131769 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address\n2131771 - With every edit of an exising webhook, the value in password field disappears in Satellite 6.10/6.11/6.12\n2131773 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository\n2131776 - please update to Satellite Ansible Collection 3.6.0\n2131781 - \u0027candlepin-validate-db\u0027 pre-upgrade check fails with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup with SSL\n2131788 - Documentation bug for the compute_resource module\n2131790 - [BUG] Invalid choice for template_kind listed for os_default_template module\n2132075 - CVE-2022-31163 tfm-rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]\n2132076 - CVE-2022-31163 rubygem-tzinfo: rubygem-tzinfo: arbitrary code execution [rhn_satellite_6.11]\n2132079 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS [rhn_satellite_6-default] \n2122205 - Package \"python3-pulp_manifest\" is not available in Satellite Utils repository \n2132999 - Satellite cannot be installed on RHEL 8.7 \n\nCVEs\n\nCVE-2022-30122\nCVE-2022-31163\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7242",
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "2122205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122205"
},
{
"category": "external",
"summary": "2131757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131757"
},
{
"category": "external",
"summary": "2131759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131759"
},
{
"category": "external",
"summary": "2131761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131761"
},
{
"category": "external",
"summary": "2131763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131763"
},
{
"category": "external",
"summary": "2131769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131769"
},
{
"category": "external",
"summary": "2131771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131771"
},
{
"category": "external",
"summary": "2131773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131773"
},
{
"category": "external",
"summary": "2131776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131776"
},
{
"category": "external",
"summary": "2131781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131781"
},
{
"category": "external",
"summary": "2131788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131788"
},
{
"category": "external",
"summary": "2131790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131790"
},
{
"category": "external",
"summary": "2132999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132999"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7242.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.11.4 Async Security Update",
"tracking": {
"current_release_date": "2025-11-21T18:34:19+00:00",
"generator": {
"date": "2025-11-21T18:34:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:7242",
"initial_release_date": "2022-10-27T13:04:08+00:00",
"revision_history": [
{
"date": "2022-10-27T13:04:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-27T13:04:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:34:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.11::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el7sat.src",
"product": {
"name": "foreman-0:3.1.1.25-1.el7sat.src",
"product_id": "foreman-0:3.1.1.25-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product_id": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el7sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el7sat.src",
"product": {
"name": "satellite-0:6.11.4-2.el7sat.src",
"product_id": "satellite-0:6.11.4-2.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product_id": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_webhooks@2.0.3-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product_id": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rack@2.2.3.1-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product_id": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-tzinfo@1.2.10-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product_id": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@4.3.0.50-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product_id": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-smart_proxy_ansible@3.3.1-4.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el8sat.src",
"product": {
"name": "foreman-0:3.1.1.25-1.el8sat.src",
"product_id": "foreman-0:3.1.1.25-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product_id": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product_id": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@2.0.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product_id": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.3.0.50-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product_id": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.3.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el8sat.src",
"product": {
"name": "satellite-0:6.11.4-2.el8sat.src",
"product_id": "satellite-0:6.11.4-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product_id": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.3.1-4.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.25-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product_id": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product_id": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy-journald@3.1.1.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el7sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-common-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el7sat.noarch",
"product": {
"name": "satellite-0:6.11.4-2.el7sat.noarch",
"product_id": "satellite-0:6.11.4-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product_id": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_webhooks@2.0.3-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product_id": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-rack@2.2.3.1-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product_id": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-tzinfo@1.2.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product_id": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@4.3.0.50-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product_id": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-smart_proxy_ansible@3.3.1-4.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.1.1.25-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product_id": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy@3.1.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product_id": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy-journald@3.1.1.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.0.18-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product_id": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_webhooks@2.0.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.3.0.50-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product_id": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.3.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-common-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product_id": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.11.4-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product_id": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_ansible@3.3.1-4.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product_id": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-collection-redhat-satellite@3.6.0-3.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src"
},
"product_reference": "tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src"
},
"product_reference": "tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src"
},
"product_reference": "tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src"
},
"product_reference": "tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src as a component of Red Hat Satellite 6.11 for RHEL 7",
"product_id": "7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src"
},
"product_reference": "tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"relates_to_product_reference": "7Server-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src"
},
"product_reference": "ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.1.1.25-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src"
},
"product_reference": "foreman-0:3.1.1.25-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-0:3.1.1.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src"
},
"product_reference": "foreman-proxy-0:3.1.1.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch"
},
"product_reference": "foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src"
},
"product_reference": "rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.3.0.50-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.3.0.50-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.3.1-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
},
"product_reference": "rubygem-rack-0:2.2.3.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.11.4-2.el8sat.src as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src"
},
"product_reference": "satellite-0:6.11.4-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.11.4-2.el8sat.noarch as a component of Red Hat Satellite 6.11 for RHEL 8",
"product_id": "8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.11.4-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099519"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted multipart POST request may cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "RHBZ#2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-27T13:04:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: crafted multipart POST request may cause a DoS"
},
{
"cve": "CVE-2022-31163",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2022-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2110551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-tzinfo: arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
],
"known_not_affected": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31163"
},
{
"category": "external",
"summary": "RHBZ#2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
},
{
"category": "external",
"summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
"url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
}
],
"release_date": "2022-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-27T13:04:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite/index",
"product_ids": [
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7242"
},
{
"category": "workaround",
"details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
"product_ids": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11-capsule:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11-utils:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.noarch",
"7Server-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el7sat.src",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-0:3.1.1.25-1.el7sat.src",
"7Server-satellite-6.11:foreman-cli-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-debug-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-gce-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-journald-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el7sat.src",
"7Server-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-service-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch",
"7Server-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el7sat.src",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-0:6.11.4-2.el7sat.src",
"7Server-satellite-6.11:satellite-capsule-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-cli-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:satellite-common-0:6.11.4-2.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-foreman_webhooks-0:2.0.3-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-katello-0:4.3.0.50-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-rack-0:2.2.3.1-1.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-smart_proxy_ansible-0:3.3.1-4.el7sat.src",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.noarch",
"7Server-satellite-6.11:tfm-rubygem-tzinfo-0:1.2.10-1.el7sat.src",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11-capsule:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11-capsule:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11-capsule:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-capsule:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-capsule:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11-maintenance:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11-utils:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11-utils:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11-utils:satellite-common-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.noarch",
"8Base-satellite-6.11:ansible-collection-redhat-satellite-0:3.6.0-3.el8sat.src",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-0:3.1.1.25-1.el8sat.src",
"8Base-satellite-6.11:foreman-cli-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-debug-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-dynflow-sidekiq-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ec2-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-gce-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-journald-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-libvirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-openstack-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-ovirt-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-postgresql-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-proxy-0:3.1.1.3-1.el8sat.src",
"8Base-satellite-6.11:foreman-proxy-journald-0:3.1.1.3-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-service-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-telemetry-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:foreman-vmware-0:3.1.1.25-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_maintain-1:1.0.18-1.el8sat.src",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-foreman_webhooks-0:2.0.3-1.el8sat.src",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-katello-0:4.3.0.50-1.el8sat.src",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-rack-0:2.2.3.1-1.el8sat.src",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.noarch",
"8Base-satellite-6.11:rubygem-smart_proxy_ansible-0:3.3.1-4.el8sat.src",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.noarch",
"8Base-satellite-6.11:rubygem-tzinfo-0:1.2.10-1.el8sat.src",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-0:6.11.4-2.el8sat.src",
"8Base-satellite-6.11:satellite-capsule-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-cli-0:6.11.4-2.el8sat.noarch",
"8Base-satellite-6.11:satellite-common-0:6.11.4-2.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-tzinfo: arbitrary code execution"
}
]
}
SUSE-SU-2022:2526-1
Vulnerability from csaf_suse - Published: 2022-07-22 08:41 - Updated: 2022-07-22 08:41Summary
Security update for rubygem-rack
Notes
Title of the patch
Security update for rubygem-rack
Description of the patch
This update for rubygem-rack fixes the following issues:
- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)
- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)
The following non-security bug was fixed:
- Fixed a regression in CVE-2022-30122 patch (bsc#1201588).
Patchnames
SUSE-2022-2526,SUSE-OpenStack-Cloud-Crowbar-8-2022-2526,SUSE-OpenStack-Cloud-Crowbar-9-2022-2526
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-rack fixes the following issues:\n\n- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)\n- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)\n\nThe following non-security bug was fixed:\n\n- Fixed a regression in CVE-2022-30122 patch (bsc#1201588).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2526,SUSE-OpenStack-Cloud-Crowbar-8-2022-2526,SUSE-OpenStack-Cloud-Crowbar-9-2022-2526",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2526-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2526-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222526-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2526-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011630.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200748",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "self",
"summary": "SUSE Bug 1200750",
"url": "https://bugzilla.suse.com/1200750"
},
{
"category": "self",
"summary": "SUSE Bug 1201588",
"url": "https://bugzilla.suse.com/1201588"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "Security update for rubygem-rack",
"tracking": {
"current_release_date": "2022-07-22T08:41:50Z",
"generator": {
"date": "2022-07-22T08:41:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2526-1",
"initial_release_date": "2022-07-22T08:41:50Z",
"revision_history": [
{
"date": "2022-07-22T08:41:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.aarch64",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.aarch64",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.aarch64",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.i586",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.i586",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.i586",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.i586",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.i586",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.i586",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.ppc64le",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.ppc64le",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.ppc64le",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390x",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390x",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390x",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390x",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390x",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390x",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"product_id": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.x86_64",
"product_id": "ruby2.1-rubygem-rack-doc-1.6.13-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.x86_64",
"product_id": "ruby2.1-rubygem-rack-testsuite-1.6.13-3.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-22T08:41:50Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack-1.6.13-3.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-22T08:41:50Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
SUSE-SU-2022:2192-1
Vulnerability from csaf_suse - Published: 2022-06-27 15:13 - Updated: 2022-06-27 15:13Summary
Security update for rubygem-rack
Notes
Title of the patch
Security update for rubygem-rack
Description of the patch
This update for rubygem-rack fixes the following issues:
- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)
- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)
Patchnames
SUSE-2022-2192,SUSE-SLE-Product-HA-15-2022-2192,SUSE-SLE-Product-HA-15-SP1-2022-2192,SUSE-SLE-Product-HA-15-SP2-2022-2192,SUSE-SLE-Product-HA-15-SP3-2022-2192,SUSE-SLE-Product-HA-15-SP4-2022-2192,openSUSE-SLE-15.3-2022-2192,openSUSE-SLE-15.4-2022-2192
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-rack fixes the following issues:\n\n- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748)\n- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2192,SUSE-SLE-Product-HA-15-2022-2192,SUSE-SLE-Product-HA-15-SP1-2022-2192,SUSE-SLE-Product-HA-15-SP2-2022-2192,SUSE-SLE-Product-HA-15-SP3-2022-2192,SUSE-SLE-Product-HA-15-SP4-2022-2192,openSUSE-SLE-15.3-2022-2192,openSUSE-SLE-15.4-2022-2192",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2192-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2192-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222192-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2192-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011366.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200748",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "self",
"summary": "SUSE Bug 1200750",
"url": "https://bugzilla.suse.com/1200750"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30122 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-30123 page",
"url": "https://www.suse.com/security/cve/CVE-2022-30123/"
}
],
"title": "Security update for rubygem-rack",
"tracking": {
"current_release_date": "2022-06-27T15:13:56Z",
"generator": {
"date": "2022-06-27T15:13:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2192-1",
"initial_release_date": "2022-06-27T15:13:56Z",
"revision_history": [
{
"date": "2022-06-27T15:13:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"product_id": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"product_id": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"product_id": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.i586",
"product": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.i586",
"product_id": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.i586",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.i586",
"product_id": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.i586",
"product": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.i586",
"product_id": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"product_id": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"product_id": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"product_id": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"product": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"product_id": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"product_id": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"product": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"product_id": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"product_id": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"product_id": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"product_id": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30122"
}
],
"notes": [
{
"category": "general",
"text": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30122",
"url": "https://www.suse.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "SUSE Bug 1200748 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1200748"
},
{
"category": "external",
"summary": "SUSE Bug 1201588 for CVE-2022-30122",
"url": "https://bugzilla.suse.com/1201588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-27T15:13:56Z",
"details": "moderate"
}
],
"title": "CVE-2022-30122"
},
{
"cve": "CVE-2022-30123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-30123"
}
],
"notes": [
{
"category": "general",
"text": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-30123",
"url": "https://www.suse.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "SUSE Bug 1200750 for CVE-2022-30123",
"url": "https://bugzilla.suse.com/1200750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-27T15:13:56Z",
"details": "critical"
}
],
"title": "CVE-2022-30123"
}
]
}
FKIE_CVE-2022-30122
Vulnerability from fkie_nvd - Published: 2022-12-05 22:15 - Updated: 2024-11-21 07:02
Severity ?
Summary
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rack_project | rack | * | |
| rack_project | rack | * | |
| rack_project | rack | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442EB5AF-A390-4A62-8B4E-8A2C082864D3",
"versionEndExcluding": "2.0.9.1",
"versionStartIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E774AF-E7BB-45EB-B5E4-66F8F5D36285",
"versionEndExcluding": "2.1.4.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6145EE1D-85D5-4744-BA51-88EC52FF2891",
"versionEndExcluding": "2.2.3.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A possible denial of service vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 in the multipart parsing component of Rack."
},
{
"lang": "es",
"value": "Existe una posible vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en Rack \u0026lt;2.0.9.1, \u0026lt;2.1.4.1 y \u0026lt;2.2.3.1 en el componente de an\u00e1lisis multiparte de Rack."
}
],
"id": "CVE-2022-30122",
"lastModified": "2024-11-21T07:02:12.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-05T22:15:10.227",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5530"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-HXQX-XWVH-44M2
Vulnerability from github – Published: 2022-05-27 16:36 – Updated: 2023-08-28 13:59
VLAI?
Summary
Denial of Service Vulnerability in Rack Multipart Parsing
Details
There is a possible denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30122.
Versions Affected: >= 1.2 Not affected: < 1.2 Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1
Impact
Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.
Impacted code will use Rack's multipart parser to parse multipart posts. This includes directly using the multipart parser like this:
params = Rack::Multipart.parse_multipart(env)
But it also includes reading POST data from a Rack request object like this:
p request.POST # read POST data
p request.params # reads both query params and POST data
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workarounds
There are no feasible workarounds for this issue.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.9.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "1.2"
},
{
"fixed": "2.0.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.1.4.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "2.1"
},
{
"fixed": "2.1.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.2.3.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "2.2"
},
{
"fixed": "2.2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-30122"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-27T16:36:52Z",
"nvd_published_at": "2022-12-05T22:15:00Z",
"severity": "HIGH"
},
"details": "There is a possible denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30122.\n\nVersions Affected: \u003e= 1.2\nNot affected: \u003c 1.2\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.\n\nImpacted code will use Rack\u0027s multipart parser to parse multipart posts. This includes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n",
"id": "GHSA-hxqx-xwvh-44m2",
"modified": "2023-08-28T13:59:06Z",
"published": "2022-05-27T16:36:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"type": "WEB",
"url": "https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729"
},
{
"type": "PACKAGE",
"url": "https://github.com/rack/rack"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-18"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231208-0012"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5530"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service Vulnerability in Rack Multipart Parsing"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…