Vulnerability-Lookup

CVE-2022-42003 (GCVE-0-2022-42003)

Vulnerability from cvelistv5 – Published: 2022-10-02 00:00 – Updated: 2024-08-03 12:56

Summary

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/FasterXML/jackson-databind/iss…
https://github.com/FasterXML/jackson-databind/com…
https://bugs.chromium.org/p/oss-fuzz/issues/detai…
https://security.gentoo.org/glsa/202210-21	vendor-advisory
https://www.debian.org/security/2022/dsa-5283	vendor-advisory
https://security.netapp.com/advisory/ntap-2022112…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
          },
          {
            "name": "GLSA-202210-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T09:33:08.256Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
        },
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
        },
        {
          "name": "GLSA-202210-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-21"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42003",
    "datePublished": "2022-10-02T00:00:00.000Z",
    "dateReserved": "2022-10-02T00:00:00.000Z",
    "dateUpdated": "2024-08-03T12:56:39.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-42003",
      "date": "2026-05-28",
      "epss": "0.00317",
      "percentile": "0.54996"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.12.7.1\", \"matchCriteriaId\": \"0848F177-1977-4C9C-B91A-7374FF25F335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.13.0\", \"versionEndExcluding\": \"2.13.4.1\", \"matchCriteriaId\": \"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.13.3\", \"matchCriteriaId\": \"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"}, {\"lang\": \"es\", \"value\": \"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\\u00e1 activada. Versi\\u00f3n de correcci\\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}]",
      "id": "CVE-2022-42003",
      "lastModified": "2024-11-21T07:24:15.093",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-10-02T05:15:09.070",
      "references": "[{\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42003\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-02T05:15:09.070\",\"lastModified\":\"2024-11-21T07:24:15.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"},{\"lang\":\"es\",\"value\":\"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.7.1\",\"matchCriteriaId\":\"0848F177-1977-4C9C-B91A-7374FF25F335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.4.1\",\"matchCriteriaId\":\"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.3\",\"matchCriteriaId\":\"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2026-AVI-0556

Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15
VMware	Tanzu Greenplum	Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0
VMware	Tanzu	Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20
VMware	Tanzu Greenplum	Tanzu Greenplum Backup and Restore versions antérieures à1.33.0
VMware	Tanzu Greenplum	Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3
VMware	Tanzu	Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4
VMware	Tanzu Greenplum	Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0
VMware	Tanzu Greenplum	Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0
VMware	Tanzu Greenplum	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6
VMware	Tanzu Greenplum	Tanzu Greenplum Text versions antérieures à 4.0.0
VMware	Tanzu Greenplum	Tanzu Greenplum Streaming Server versions antérieures à 2.3.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0
VMware	Tanzu	Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0
VMware	Tanzu Gemfire	Tanzu GemFire versions antérieures à 10.2.3
VMware	Tanzu Greenplum	Tanzu Greenplum Upgrade versions antérieures à 2.0.0
VMware	Tanzu Greenplum	Tanzu Greenplumversions antérieures à 7.8.0
VMware	Tanzu Gemfire	Tanzu GemFire Vector Database versions antérieures à 1.2.2
VMware	Tanzu Greenplum	Tanzu Greenplum versions antérieures à 6.33.0
VMware	Tanzu Greenplum	Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11
VMware	Tanzu	Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3

References

Title

Publication Time

CERTFR-2026-AVI-0627

Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.2.x antérieures à 10.2.3
Splunk	N/A	Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9
Splunk	Splunk	image Docker Splunk versions 10.2.x antérieures à 10.2.2
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1
Splunk	Splunk AppDynamics Database Agent	Splunk AppDynamics Database Agent versions antérieures à 26.4.0
Splunk	Splunk	image Docker Splunk versions 9.4.x antérieures à 9.4.10
Splunk	Splunk User Behavior Analytics (UBA)	Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5
Splunk	Splunk AppDynamics Private Synthetic Agent	Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Analytics Agent	Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0
Splunk	N/A	Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Machine Agent	Splunk AppDynamics Machine Agent versions antérieures à 26.4.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11
Splunk	N/A	Splunk AppDynamics Python Agent versions antérieures à 26.4.1
Splunk	Splunk	image Docker Splunk versions 10.0.x antérieures à 10.0.5
Splunk	N/A	Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.6
Splunk	N/A	Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.11
Splunk	Splunk	image Docker Splunk versions 9.3.x antérieures à 9.3.11
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.12
Splunk	Splunk AppDynamics Java Agent	Splunk AppDynamics Java Agent versions antérieures à 26.4.0

References

Title

Publication Time

FKIE_CVE-2022-42003

Vulnerability from fkie_nvd - Published: 2022-10-02 05:15 - Updated: 2024-11-21 07:24

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020	Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
cve@mitre.org	https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33	Patch, Third Party Advisory
cve@mitre.org	https://github.com/FasterXML/jackson-databind/issues/3590	Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html	Mailing List, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202210-21	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20221124-0004/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5283	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020	Exploit, Issue Tracking, Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FasterXML/jackson-databind/issues/3590	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202210-21	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221124-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5283	Third Party Advisory

Impacted products

Vendor	Product	Version
fasterxml	jackson-databind	*
fasterxml	jackson-databind	*
quarkus	quarkus	*
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	oncommand_workflow_automation	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0848F177-1977-4C9C-B91A-7374FF25F335",
              "versionEndExcluding": "2.12.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B",
              "versionEndExcluding": "2.13.4.1",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8",
              "versionEndExcluding": "2.13.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
    },
    {
      "lang": "es",
      "value": "En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1"
    }
  ],
  "id": "CVE-2022-42003",
  "lastModified": "2024-11-21T07:24:15.093",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-02T05:15:09.070",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-21"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5283"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JJJH-JJXP-WPFF

Vulnerability from github – Published: 2022-10-03 00:00 – Updated: 2024-09-13 18:29

Summary

Uncontrolled Resource Consumption in Jackson-databind

Details

In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.

Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc.

Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.

The 2.13.4.1 release does fix this issue, however it also references a non-existent jackson-bom which causes build failures for gradle users. See https://github.com/FasterXML/jackson-databind/issues/3627#issuecomment-1277957548 for details. This is fixed in 2.13.4.2 which is listed in the advisory metadata so that users are not subjected to unnecessary build failures

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.fasterxml.jackson.core:jackson-databind"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0-rc1"
            },
            {
              "fixed": "2.12.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.fasterxml.jackson.core:jackson-databind"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.13.0"
            },
            {
              "fixed": "2.13.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-42003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-04T21:55:46Z",
    "nvd_published_at": "2022-10-02T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.\n\nCommits that introduced vulnerable code are \nhttps://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc.\n\nFix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\n\nThe `2.13.4.1` release does fix this issue, however it also references a non-existent jackson-bom which causes build failures for gradle users. See https://github.com/FasterXML/jackson-databind/issues/3627#issuecomment-1277957548 for details. This is fixed in `2.13.4.2` which is listed in the advisory metadata so that users are not subjected to unnecessary build failures",
  "id": "GHSA-jjjh-jjxp-wpff",
  "modified": "2024-09-13T18:29:13Z",
  "published": "2022-10-03T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/issues/3627"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5283"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221124-0004"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-21"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174\u0026branch=jackson-databind-2.4.0-rc1\u0026qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FasterXML/jackson-databind"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Resource Consumption in Jackson-databind"
}

GSD-2022-42003

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1

Aliases

CVE-2022-42003

Aliases

CVE-2022-42003

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-42003",
    "description": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
    "id": "GSD-2022-42003",
    "references": [
      "https://www.debian.org/security/2022/dsa-5283",
      "https://access.redhat.com/errata/RHSA-2022:7435",
      "https://access.redhat.com/errata/RHSA-2022:8781",
      "https://access.redhat.com/errata/RHSA-2022:8876",
      "https://access.redhat.com/errata/RHSA-2022:8889",
      "https://access.redhat.com/errata/RHSA-2022:9023",
      "https://access.redhat.com/errata/RHSA-2022:9032",
      "https://access.redhat.com/errata/RHSA-2023:0189",
      "https://www.suse.com/security/cve/CVE-2022-42003.html",
      "https://access.redhat.com/errata/RHSA-2023:0264",
      "https://access.redhat.com/errata/RHSA-2023:0469",
      "https://access.redhat.com/errata/RHSA-2023:0471",
      "https://access.redhat.com/errata/RHSA-2023:0552",
      "https://access.redhat.com/errata/RHSA-2023:0553",
      "https://access.redhat.com/errata/RHSA-2023:0554",
      "https://access.redhat.com/errata/RHSA-2023:0556",
      "https://access.redhat.com/errata/RHSA-2023:0713",
      "https://access.redhat.com/errata/RHSA-2023:1043",
      "https://access.redhat.com/errata/RHSA-2023:1044",
      "https://access.redhat.com/errata/RHSA-2023:1045",
      "https://access.redhat.com/errata/RHSA-2023:1047",
      "https://access.redhat.com/errata/RHSA-2023:1049",
      "https://access.redhat.com/errata/RHSA-2023:1006",
      "https://access.redhat.com/errata/RHSA-2023:1064"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-42003"
      ],
      "details": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1",
      "id": "GSD-2022-42003",
      "modified": "2023-12-13T01:19:10.387438Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-42003",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FasterXML/jackson-databind/issues/3590",
            "refsource": "MISC",
            "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
          },
          {
            "name": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33",
            "refsource": "MISC",
            "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
          },
          {
            "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
          },
          {
            "name": "GLSA-202210-21",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "name": "DSA-5283",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20221124-0004/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.12.7.1),[2.13.0,2.13.4.1)",
          "affected_versions": "All versions before 2.12.7.1, all versions starting from 2.13.0 before 2.13.4.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2022-12-02",
          "description": "In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
          "fixed_versions": [
            "2.12.7.1",
            "2.13.4.1"
          ],
          "identifier": "CVE-2022-42003",
          "identifiers": [
            "CVE-2022-42003"
          ],
          "not_impacted": "",
          "package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
          "pubdate": "2022-10-02",
          "solution": "Upgrade to versions 2.12.7.1, 2.13.4.1 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
            "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33",
            "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020",
            "https://github.com/FasterXML/jackson-databind/issues/3590"
          ],
          "uuid": "e85a7b3f-c3c8-4237-bcf1-86d0ec91c9ff"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0848F177-1977-4C9C-B91A-7374FF25F335",
                    "versionEndExcluding": "2.12.7.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B",
                    "versionEndExcluding": "2.13.4.1",
                    "versionStartIncluding": "2.13.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8",
                    "versionEndExcluding": "2.13.3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
          },
          {
            "lang": "es",
            "value": "En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1"
          }
        ],
        "id": "CVE-2022-42003",
        "lastModified": "2023-12-20T10:15:07.580",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-10-02T05:15:09.070",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-502"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

NCSC-2024-0231

Vulnerability from csaf_ncscnl - Published: 2024-05-22 11:13 - Updated: 2024-05-22 11:13

Summary

Kwetsbaarheden verholpen in Atlassian producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Atlassian heeft kwetsbaarheden verholpen in diverse producten, zoals Jira, Confluence en Bitbucket.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Cross-Site Request Forgery (XSRF) - Denial-of-Service (DoS) - Omzeilen van authenticatie - (Remote) code execution (Administrator/Root rechten) - (Remote) code execution (Gebruikersrechten) - SQL Injection - Toegang tot systeemgegevens

Oplossingen: Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie: https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html

Kans: medium

Schade: high

CWE-284: Improper Access Control

CWE-20: Improper Input Validation

CWE-281: Improper Preservation of Permissions

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-459: Incomplete Cleanup

CWE-502: Deserialization of Untrusted Data

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-913: Improper Control of Dynamically-Managed Code Resources

CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2017-7656

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2017-9735

CVE-2020-10672

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-10673

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-10968

CWE-502 - Deserialization of Untrusted Data

CVE-2020-10969

CWE-502 - Deserialization of Untrusted Data

CVE-2020-11111

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-11112

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-11113

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-24616

CVE-2020-35728

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2020-36179

CWE-502 - Deserialization of Untrusted Data

CVE-2020-36180

CWE-502 - Deserialization of Untrusted Data

CVE-2020-36181

CWE-502 - Deserialization of Untrusted Data

CVE-2020-36182

CWE-502 - Deserialization of Untrusted Data

CVE-2020-36184

CWE-502 - Deserialization of Untrusted Data

CVE-2020-36188

CWE-502 - Deserialization of Untrusted Data

CVE-2021-28165

CWE-400 - Uncontrolled Resource Consumption

CVE-2022-25647

CWE-502 - Deserialization of Untrusted Data

CVE-2022-41966

CWE-502 - Deserialization of Untrusted Data

CVE-2022-42003

CWE-404 - Improper Resource Shutdown or Release

CVE-2023-4759

CVE-2023-34396

CVE-2023-41835

CWE-913 - Improper Control of Dynamically-Managed Code Resources

CVE-2023-45859

CWE-281 - Improper Preservation of Permissions

CVE-2024-1597

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-21634

CWE-770 - Allocation of Resources Without Limits or Throttling

CVE-2024-21683

CVE-2024-22257

CWE-284 - Improper Access Control

CVE-2024-22262

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-23672

CWE-459 - Incomplete Cleanup

CVE-2024-24549

CWE-20 - Improper Input Validation

References

33 references

URL	Category
https://confluence.atlassian.com/pages/viewpage.a…	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2017…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2017…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2020…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten, zoals Jira, Confluence en Bitbucket.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site Request Forgery (XSRF)\n- Denial-of-Service (DoS)\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- SQL Injection\n- Toegang tot systeemgegevens\n",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie:\n\nhttps://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Preservation of Permissions",
        "title": "CWE-281"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Incomplete Cleanup",
        "title": "CWE-459"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
        "title": "CWE-89"
      },
      {
        "category": "general",
        "text": "Improper Control of Dynamically-Managed Code Resources",
        "title": "CWE-913"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
        "title": "CWE-96"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; nvd",
        "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1387867145"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Atlassian producten",
    "tracking": {
      "current_release_date": "2024-05-22T11:13:07.693855Z",
      "id": "NCSC-2024-0231",
      "initial_release_date": "2024-05-22T11:13:07.693855Z",
      "revision_history": [
        {
          "date": "2024-05-22T11:13:07.693855Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "bamboo",
            "product": {
              "name": "bamboo",
              "product_id": "CSAFPID-716889",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "bitbucket",
            "product": {
              "name": "bitbucket",
              "product_id": "CSAFPID-344199",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "confluence",
            "product": {
              "name": "confluence",
              "product_id": "CSAFPID-551338",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "crowd",
            "product": {
              "name": "crowd",
              "product_id": "CSAFPID-344399",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jira_service_management",
            "product": {
              "name": "jira_service_management",
              "product_id": "CSAFPID-343852",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jira_service_management",
            "product": {
              "name": "jira_service_management",
              "product_id": "CSAFPID-343851",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jira",
            "product": {
              "name": "jira",
              "product_id": "CSAFPID-98204",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7656",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2017-7656",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-7656.json"
        }
      ],
      "title": "CVE-2017-7656"
    },
    {
      "cve": "CVE-2017-9735",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2017-9735",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-9735.json"
        }
      ],
      "title": "CVE-2017-9735"
    },
    {
      "cve": "CVE-2020-10672",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-10672",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10672.json"
        }
      ],
      "title": "CVE-2020-10672"
    },
    {
      "cve": "CVE-2020-10673",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-10673",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10673.json"
        }
      ],
      "title": "CVE-2020-10673"
    },
    {
      "cve": "CVE-2020-10968",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-10968",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10968.json"
        }
      ],
      "title": "CVE-2020-10968"
    },
    {
      "cve": "CVE-2020-10969",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-10969",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10969.json"
        }
      ],
      "title": "CVE-2020-10969"
    },
    {
      "cve": "CVE-2020-11111",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11111",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11111.json"
        }
      ],
      "title": "CVE-2020-11111"
    },
    {
      "cve": "CVE-2020-11112",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11112",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11112.json"
        }
      ],
      "title": "CVE-2020-11112"
    },
    {
      "cve": "CVE-2020-11113",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11113",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11113.json"
        }
      ],
      "title": "CVE-2020-11113"
    },
    {
      "cve": "CVE-2020-24616",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-24616",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-24616.json"
        }
      ],
      "title": "CVE-2020-24616"
    },
    {
      "cve": "CVE-2020-35728",
      "cwe": {
        "id": "CWE-96",
        "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
          "title": "CWE-96"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-35728",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-35728.json"
        }
      ],
      "title": "CVE-2020-35728"
    },
    {
      "cve": "CVE-2020-36179",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36179",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36179.json"
        }
      ],
      "title": "CVE-2020-36179"
    },
    {
      "cve": "CVE-2020-36180",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36180",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36180.json"
        }
      ],
      "title": "CVE-2020-36180"
    },
    {
      "cve": "CVE-2020-36181",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36181",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36181.json"
        }
      ],
      "title": "CVE-2020-36181"
    },
    {
      "cve": "CVE-2020-36182",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36182.json"
        }
      ],
      "title": "CVE-2020-36182"
    },
    {
      "cve": "CVE-2020-36184",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36184",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36184.json"
        }
      ],
      "title": "CVE-2020-36184"
    },
    {
      "cve": "CVE-2020-36188",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-36188",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36188.json"
        }
      ],
      "title": "CVE-2020-36188"
    },
    {
      "cve": "CVE-2021-28165",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-28165",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28165.json"
        }
      ],
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2022-25647",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-25647",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25647.json"
        }
      ],
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-41966",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41966",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41966.json"
        }
      ],
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-42003",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42003.json"
        }
      ],
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2023-4759",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4759",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
        }
      ],
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-34396",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-34396",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34396.json"
        }
      ],
      "title": "CVE-2023-34396"
    },
    {
      "cve": "CVE-2023-41835",
      "cwe": {
        "id": "CWE-913",
        "name": "Improper Control of Dynamically-Managed Code Resources"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Dynamically-Managed Code Resources",
          "title": "CWE-913"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-41835",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41835.json"
        }
      ],
      "title": "CVE-2023-41835"
    },
    {
      "cve": "CVE-2023-45859",
      "cwe": {
        "id": "CWE-281",
        "name": "Improper Preservation of Permissions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Preservation of Permissions",
          "title": "CWE-281"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45859",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45859.json"
        }
      ],
      "title": "CVE-2023-45859"
    },
    {
      "cve": "CVE-2024-1597",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-1597",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1597.json"
        }
      ],
      "title": "CVE-2024-1597"
    },
    {
      "cve": "CVE-2024-21634",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21634",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21634.json"
        }
      ],
      "title": "CVE-2024-21634"
    },
    {
      "cve": "CVE-2024-21683",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21683",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21683.json"
        }
      ],
      "title": "CVE-2024-21683"
    },
    {
      "cve": "CVE-2024-22257",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22257",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
        }
      ],
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2024-22262",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
        }
      ],
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-23672",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incomplete Cleanup",
          "title": "CWE-459"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-23672",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
        }
      ],
      "title": "CVE-2024-23672"
    },
    {
      "cve": "CVE-2024-24549",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-24549",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
        }
      ],
      "title": "CVE-2024-24549"
    }
  ]
}

NCSC-2024-0305

Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:55 - Updated: 2024-07-17 13:55

Summary

Kwetsbaarheden verholpen in Oracle Siebel CRM

Notes

Feiten: Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: * Denial-of-Service (DoS) * Toegang tot gevoelige gegevens * Toegang tot systeemgegevens * Manipulatie van gegevens * (Remote) code execution (Gebruikersrechten)

Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.

Kans: medium

Schade: high

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CWE-158: Improper Neutralization of Null Byte or NUL Character

CWE-192: Integer Coercion Error

CWE-20: Improper Input Validation

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-295: Improper Certificate Validation

CWE-325: Missing Cryptographic Step

CWE-404: Improper Resource Shutdown or Release

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-502: Deserialization of Untrusted Data

CWE-681: Incorrect Conversion between Numeric Types

CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CVE-2021-36090

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2022-34169

CWE-192 - Integer Coercion Error

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2022-37434

CWE-787 - Out-of-bounds Write

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2022-42003

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-5072

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-5678

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 4 products

Product	Identifier	Version
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-5764

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine

Affected products

Known affected 4 products

Product	Identifier	Version
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-22081

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-295 - Improper Certificate Validation

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-41105

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-158 - Improper Neutralization of Null Byte or NUL Character

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-46589

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 5 products

Product	Identifier	Version
siebel_crm oracle	`cpe:2.3:a:oracle:siebel_crm::::::::`	—
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

CVE-2023-47627

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 4 products

Product	Identifier	Version
siebel_crm_cloud_applications oracle	`cpe:2.3:a:oracle:siebel_crm_cloud_applications::::::::`	—
siebel_crm_deployment oracle	`cpe:2.3:a:oracle:siebel_crm_deployment::::::::`	—
siebel_crm_end_user oracle	`cpe:2.3:a:oracle:siebel_crm_end_user::::::::`	—
siebel_crm_integration oracle	`cpe:2.3:a:oracle:siebel_crm_integration::::::::`	—

References

26 references

URL	Category
https://nvd.nist.gov/vuln/detail/CVE-2021-36090	external
https://nvd.nist.gov/vuln/detail/CVE-2022-34169	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37434	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
https://nvd.nist.gov/vuln/detail/CVE-2023-22081	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-41105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-46589	external
https://nvd.nist.gov/vuln/detail/CVE-2023-47627	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5072	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5678	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5764	external
https://www.oracle.com/docs/tech/security-alerts/…	external
https://www.oracle.com/security-alerts/cpujul2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2021…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements Used in a Template Engine",
        "title": "CWE-1336"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Null Byte or NUL Character",
        "title": "CWE-158"
      },
      {
        "category": "general",
        "text": "Integer Coercion Error",
        "title": "CWE-192"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Missing Cryptographic Step",
        "title": "CWE-325"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "Deserialization of Untrusted Data",
        "title": "CWE-502"
      },
      {
        "category": "general",
        "text": "Incorrect Conversion between Numeric Types",
        "title": "CWE-681"
      },
      {
        "category": "general",
        "text": "Improper Check for Unusual or Exceptional Conditions",
        "title": "CWE-754"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22081"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764"
      },
      {
        "category": "external",
        "summary": "Reference - oracle",
        "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; ibm; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Siebel CRM",
    "tracking": {
      "current_release_date": "2024-07-17T13:55:31.923970Z",
      "id": "NCSC-2024-0305",
      "initial_release_date": "2024-07-17T13:55:31.923970Z",
      "revision_history": [
        {
          "date": "2024-07-17T13:55:31.923970Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "siebel_crm_cloud_applications",
            "product": {
              "name": "siebel_crm_cloud_applications",
              "product_id": "CSAFPID-1503695",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm_deployment",
            "product": {
              "name": "siebel_crm_deployment",
              "product_id": "CSAFPID-1503697",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm_end_user",
            "product": {
              "name": "siebel_crm_end_user",
              "product_id": "CSAFPID-1503700",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm_integration",
            "product": {
              "name": "siebel_crm_integration",
              "product_id": "CSAFPID-1503702",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm",
            "product": {
              "name": "siebel_crm",
              "product_id": "CSAFPID-764293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm",
            "product": {
              "name": "siebel_crm",
              "product_id": "CSAFPID-345046",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm:23.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siebel_crm",
            "product": {
              "name": "siebel_crm",
              "product_id": "CSAFPID-220191",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:siebel_crm:23.5:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-36090",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-36090",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-36090.json"
        }
      ],
      "title": "CVE-2021-36090"
    },
    {
      "cve": "CVE-2022-34169",
      "cwe": {
        "id": "CWE-192",
        "name": "Integer Coercion Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Coercion Error",
          "title": "CWE-192"
        },
        {
          "category": "other",
          "text": "Incorrect Conversion between Numeric Types",
          "title": "CWE-681"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-34169",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
        }
      ],
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-37434",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-37434",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37434.json"
        }
      ],
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Deserialization of Untrusted Data",
          "title": "CWE-502"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-42003",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42003.json"
        }
      ],
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2023-5072",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5072",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764293",
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Unusual or Exceptional Conditions",
          "title": "CWE-754"
        },
        {
          "category": "other",
          "text": "Missing Cryptographic Step",
          "title": "CWE-325"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5678",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5764",
      "cwe": {
        "id": "CWE-1336",
        "name": "Improper Neutralization of Special Elements Used in a Template Engine"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements Used in a Template Engine",
          "title": "CWE-1336"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5764",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5764.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-5764"
    },
    {
      "cve": "CVE-2023-22081",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-22081",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-22081.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764293",
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-22081"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764293",
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-41105",
      "cwe": {
        "id": "CWE-158",
        "name": "Improper Neutralization of Null Byte or NUL Character"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Null Byte or NUL Character",
          "title": "CWE-158"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-41105",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41105.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764293",
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-41105"
    },
    {
      "cve": "CVE-2023-46589",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-764293",
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46589",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-764293",
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-46589"
    },
    {
      "cve": "CVE-2023-47627",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1503695",
          "CSAFPID-1503697",
          "CSAFPID-1503700",
          "CSAFPID-1503702"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-47627",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47627.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1503695",
            "CSAFPID-1503697",
            "CSAFPID-1503700",
            "CSAFPID-1503702"
          ]
        }
      ],
      "title": "CVE-2023-47627"
    }
  ]
}

OPENSUSE-SU-2024:12412-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

jackson-databind-2.13.4.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: jackson-databind-2.13.4.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the jackson-databind-2.13.4.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12412

CVE-2022-42003

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42004

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

7 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2022-42003/	self
https://www.suse.com/security/cve/CVE-2022-42004/	self
https://www.suse.com/security/cve/CVE-2022-42003	external
https://www.suse.com/security/cve/CVE-2022-42004	external
https://bugzilla.suse.com/1204369	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "jackson-databind-2.13.4.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the jackson-databind-2.13.4.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12412",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12412-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42003 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42003/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42004 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42004/"
      }
    ],
    "title": "jackson-databind-2.13.4.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12412-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jackson-databind-2.13.4.2-1.1.aarch64",
                "product": {
                  "name": "jackson-databind-2.13.4.2-1.1.aarch64",
                  "product_id": "jackson-databind-2.13.4.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
                "product": {
                  "name": "jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
                  "product_id": "jackson-databind-javadoc-2.13.4.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jackson-databind-2.13.4.2-1.1.ppc64le",
                "product": {
                  "name": "jackson-databind-2.13.4.2-1.1.ppc64le",
                  "product_id": "jackson-databind-2.13.4.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
                "product": {
                  "name": "jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
                  "product_id": "jackson-databind-javadoc-2.13.4.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jackson-databind-2.13.4.2-1.1.s390x",
                "product": {
                  "name": "jackson-databind-2.13.4.2-1.1.s390x",
                  "product_id": "jackson-databind-2.13.4.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "jackson-databind-javadoc-2.13.4.2-1.1.s390x",
                "product": {
                  "name": "jackson-databind-javadoc-2.13.4.2-1.1.s390x",
                  "product_id": "jackson-databind-javadoc-2.13.4.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jackson-databind-2.13.4.2-1.1.x86_64",
                "product": {
                  "name": "jackson-databind-2.13.4.2-1.1.x86_64",
                  "product_id": "jackson-databind-2.13.4.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "jackson-databind-javadoc-2.13.4.2-1.1.x86_64",
                "product": {
                  "name": "jackson-databind-javadoc-2.13.4.2-1.1.x86_64",
                  "product_id": "jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-2.13.4.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64"
        },
        "product_reference": "jackson-databind-2.13.4.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-2.13.4.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le"
        },
        "product_reference": "jackson-databind-2.13.4.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-2.13.4.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x"
        },
        "product_reference": "jackson-databind-2.13.4.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-2.13.4.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64"
        },
        "product_reference": "jackson-databind-2.13.4.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-javadoc-2.13.4.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64"
        },
        "product_reference": "jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-javadoc-2.13.4.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le"
        },
        "product_reference": "jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-javadoc-2.13.4.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x"
        },
        "product_reference": "jackson-databind-javadoc-2.13.4.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jackson-databind-javadoc-2.13.4.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
        },
        "product_reference": "jackson-databind-javadoc-2.13.4.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42003",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42003"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42003",
          "url": "https://www.suse.com/security/cve/CVE-2022-42003"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42004"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
          "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
          "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42004",
          "url": "https://www.suse.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204369 for CVE-2022-42004",
          "url": "https://bugzilla.suse.com/1204369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-2.13.4.2-1.1.x86_64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.aarch64",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.ppc64le",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.s390x",
            "openSUSE Tumbleweed:jackson-databind-javadoc-2.13.4.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42004"
    }
  ]
}

OPENSUSE-SU-2024:14395-1

Vulnerability from csaf_opensuse - Published: 2024-10-11 00:00 - Updated: 2024-10-11 00:00

Summary

java-jwt-4.4.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-jwt-4.4.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-jwt-4.4.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-14395

CVE-2022-42003

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-jwt-4.4.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-4.4.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-4.4.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-4.4.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

6 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://www.suse.com/security/cve/CVE-2022-42003/	self
https://www.suse.com/security/cve/CVE-2022-42003	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-jwt-4.4.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-jwt-4.4.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14395",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14395-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2024:14395-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYI4ADCB2LJNS7XDQPTGN4DUUKYXS5OF/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2024:14395-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYI4ADCB2LJNS7XDQPTGN4DUUKYXS5OF/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42003 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42003/"
      }
    ],
    "title": "java-jwt-4.4.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-10-11T00:00:00Z",
      "generator": {
        "date": "2024-10-11T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14395-1",
      "initial_release_date": "2024-10-11T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-10-11T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-jwt-4.4.0-1.1.aarch64",
                "product": {
                  "name": "java-jwt-4.4.0-1.1.aarch64",
                  "product_id": "java-jwt-4.4.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-jwt-javadoc-4.4.0-1.1.aarch64",
                "product": {
                  "name": "java-jwt-javadoc-4.4.0-1.1.aarch64",
                  "product_id": "java-jwt-javadoc-4.4.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-jwt-4.4.0-1.1.ppc64le",
                "product": {
                  "name": "java-jwt-4.4.0-1.1.ppc64le",
                  "product_id": "java-jwt-4.4.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-jwt-javadoc-4.4.0-1.1.ppc64le",
                "product": {
                  "name": "java-jwt-javadoc-4.4.0-1.1.ppc64le",
                  "product_id": "java-jwt-javadoc-4.4.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-jwt-4.4.0-1.1.s390x",
                "product": {
                  "name": "java-jwt-4.4.0-1.1.s390x",
                  "product_id": "java-jwt-4.4.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-jwt-javadoc-4.4.0-1.1.s390x",
                "product": {
                  "name": "java-jwt-javadoc-4.4.0-1.1.s390x",
                  "product_id": "java-jwt-javadoc-4.4.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-jwt-4.4.0-1.1.x86_64",
                "product": {
                  "name": "java-jwt-4.4.0-1.1.x86_64",
                  "product_id": "java-jwt-4.4.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-jwt-javadoc-4.4.0-1.1.x86_64",
                "product": {
                  "name": "java-jwt-javadoc-4.4.0-1.1.x86_64",
                  "product_id": "java-jwt-javadoc-4.4.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-4.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.aarch64"
        },
        "product_reference": "java-jwt-4.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-4.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.ppc64le"
        },
        "product_reference": "java-jwt-4.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-4.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.s390x"
        },
        "product_reference": "java-jwt-4.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-4.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.x86_64"
        },
        "product_reference": "java-jwt-4.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-javadoc-4.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.aarch64"
        },
        "product_reference": "java-jwt-javadoc-4.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-javadoc-4.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.ppc64le"
        },
        "product_reference": "java-jwt-javadoc-4.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-javadoc-4.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.s390x"
        },
        "product_reference": "java-jwt-javadoc-4.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-jwt-javadoc-4.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.x86_64"
        },
        "product_reference": "java-jwt-javadoc-4.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42003",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42003"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.s390x",
          "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.s390x",
          "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42003",
          "url": "https://www.suse.com/security/cve/CVE-2022-42003"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.s390x",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.s390x",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.s390x",
            "openSUSE Tumbleweed:java-jwt-4.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.s390x",
            "openSUSE Tumbleweed:java-jwt-javadoc-4.4.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-10-11T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42003"
    }
  ]
}

RHSA-2022:7435

Vulnerability from csaf_redhat - Published: 2022-11-16 12:13 - Updated: 2026-04-30 16:21

Summary

Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update

Severity

Moderate

Notes

Topic: An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Logging Subsystem 5.4.8 - Red Hat OpenShift Security Fix(es): * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-36518

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64	—	Vendor Fix fix

Known not affected 55 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64		—

Threats

Impact Moderate

CVE-2022-32149

A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64	—	Vendor Fix fix

Known not affected 55 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64		—

Threats

Impact Moderate

CVE-2022-42003

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64	—	Vendor Fix fix

Known not affected 46 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64		—

Threats

Impact Moderate

CVE-2022-42004

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64	—	Vendor Fix fix

Known not affected 46 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64		—
Unresolved product id: 8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64		—

Threats

Impact Moderate

References

28 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:7435	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064698	external
https://bugzilla.redhat.com/show_bug.cgi?id=2134010	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://issues.redhat.com/browse/LOG-3250	external
https://issues.redhat.com/browse/LOG-3252	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-36518	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064698	external
https://www.cve.org/CVERecord?id=CVE-2020-36518	external
https://nvd.nist.gov/vuln/detail/CVE-2020-36518	external
https://github.com/advisories/GHSA-57j2-w4cx-62h2	external
https://access.redhat.com/security/cve/CVE-2022-32149	self
https://bugzilla.redhat.com/show_bug.cgi?id=2134010	external
https://www.cve.org/CVERecord?id=CVE-2022-32149	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32149	external
https://go.dev/issue/56152	external
https://groups.google.com/g/golang-dev/c/qfPIly0X7aU	external
https://access.redhat.com/security/cve/CVE-2022-42003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://www.cve.org/CVERecord?id=CVE-2022-42003	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
https://access.redhat.com/security/cve/CVE-2022-42004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://www.cve.org/CVERecord?id=CVE-2022-42004	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42004	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Logging subsystem for Red Hat OpenShift 5.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Logging Subsystem 5.4.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7435",
        "url": "https://access.redhat.com/errata/RHSA-2022:7435"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2064698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
      },
      {
        "category": "external",
        "summary": "2134010",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
      },
      {
        "category": "external",
        "summary": "2135244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
      },
      {
        "category": "external",
        "summary": "2135247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
      },
      {
        "category": "external",
        "summary": "LOG-3250",
        "url": "https://issues.redhat.com/browse/LOG-3250"
      },
      {
        "category": "external",
        "summary": "LOG-3252",
        "url": "https://issues.redhat.com/browse/LOG-3252"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7435.json"
      }
    ],
    "title": "Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update",
    "tracking": {
      "current_release_date": "2026-04-30T16:21:27+00:00",
      "generator": {
        "date": "2026-04-30T16:21:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2022:7435",
      "initial_release_date": "2022-11-16T12:13:01+00:00",
      "revision_history": [
        {
          "date": "2022-11-16T12:13:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-11-16T12:13:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:21:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHOL 5.4 for RHEL 8",
                "product": {
                  "name": "RHOL 5.4 for RHEL 8",
                  "product_id": "8Base-RHOL-5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "logging for Red Hat OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
                  "product_id": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
                  "product_id": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
                  "product_id": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.8-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.4.8-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.8-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.4.8-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-300"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-74"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-246"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-265"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-55"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-302"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
                "product": {
                  "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
                  "product_id": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-51"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
                "product": {
                  "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
                  "product_id": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
                "product": {
                  "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
                  "product_id": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.4.8-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
                "product": {
                  "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
                  "product_id": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.8-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
                "product": {
                  "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
                  "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.8-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
                "product": {
                  "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
                  "product_id": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.8-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le"
        },
        "product_reference": "openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64"
        },
        "product_reference": "openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64"
        },
        "product_reference": "openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64"
        },
        "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x"
        },
        "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64 as a component of RHOL 5.4 for RHEL 8",
          "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
        },
        "product_reference": "openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64",
        "relates_to_product_reference": "8Base-RHOL-5.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36518",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064698"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: denial of service via a large depth of nested objects",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-36518"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064698",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
          "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
        }
      ],
      "release_date": "2020-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-16T12:13:01+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7435"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: denial of service via a large depth of nested objects"
    },
    {
      "cve": "CVE-2022-32149",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "discovery_date": "2022-10-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2134010"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "After careful analysis of the vulnerability Redhat is choosing to keep the vulnerability severity as moderate,the vulnerability exists in the ParseAcceptLanguage function of the golang text/language package,when an attacker could craft an unusually large accept header and due to the parser taking quadratic time complexity to finish, firstly the attacker would have to find a way smuggle an input to the parser and even then this would simply not result in a crash of any kind but more of resource hang which while can be unpleasant,does not equate to any real world damage.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32149"
        },
        {
          "category": "external",
          "summary": "RHBZ#2134010",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/56152",
          "url": "https://go.dev/issue/56152"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
          "url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
        }
      ],
      "release_date": "2022-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-16T12:13:01+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7435"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-16T12:13:01+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7435"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
    },
    {
      "cve": "CVE-2022-42004",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135247"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: use of deeply nested arrays",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
          "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
          "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
          "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
          "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
          "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
          "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
          "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
          "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
          "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135247",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-16T12:13:01+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7435"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:cb26d9e55f781dd535901a90f1ec2f8e02e8e1de72c0fde638c90fcc228ec4b2_amd64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:617cc8b0011110981674b75fe1e3041bfa434c952e4a0193818b971edbc7a480_s390x",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:637df49756fe85e7b38b279ffa7672d72c658d3d47df7f9dada2dd70563af83b_arm64",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:aa1602fe2abe23bd8a4c791bc45d425686a6e6d1aab4face0fac28bfc7cebbe1_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:c698b52c46d41007e5ac4f90b9540d430820bd20a93468fddd3a949c7ef5b332_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:7659606e0418a1920161b7ca67524ea6a7b1ed366b817f1a5cde0b346152243c_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:4f4e5bb267ad391bc0fc6a010ec9ecdf3bf48d5b6e9db0d2510960c13c97bd71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9c2e58b39dc3de97013f8806178f6327bf2e4590fe55db144527d64d468f64f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:c9a2b9e7cca14d9596ccbe0f64e2abe4452f91f029f42eefead43c9f526f6a58_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:e38c55762c1eef39b401c46d44c899067b1566173e1ce239f17a95c52b30d8c7_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:2005f41e59a130bb86c2ec47d1b060e3e2ed32f9a4cef3897e2c05fc94043dbb_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:6a55934cf7af0c03e06d4ec7a15a80acf53491fb7a183c16fdf8018fbf9b4174_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:8ce04536772f31ad022b9c66cddc090d2962b44d66c06a1db56d1447be198326_amd64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:dd211d42eaad043d9bdb519e3ad6a86255b7280a2cdf47dd3fe0458a77cb110f_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:17a9f3ae042b92693a374e3d60a07f2ab2e52419f8df25d446dd0654f6a858f6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:5b1cfc2f9a96601439cf17d1fe49a6bc6cad3b7273af87b23528090aefbfd915_s390x",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:8e0ba10f91db4cb8786d0501ec33a3d54f7c7c5337e0495cc2286a6ea20cca20_arm64",
            "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:fa8182b69328077500f89becc7621b48efa8d99f34247c2e6855dcfec13980e3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:4438a3bba34418a9dc566bf15f6b4764de4295ab8b05a7b1a86f9e8cd332b3f7_arm64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:bc408fc4b0482c5eb1b0deb3a9090f3e3dd9b370001d54cd076254562c72fec9_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:d50a2b89442d04b1163c01b3a3951857a95df76c57b14e7f51d835c3ac6d75b3_amd64",
            "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:f05aee8433dec1c9f6cf835038f9e5a47847d4095383bf3c22ca57c3fb69fa98_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:150e17cb645cf2f4cb7ab592572dd3abd145d9a33e790778280e256666248022_amd64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:36aecf05ca3cdaf29982b3efa4a1c97087be29b0a58c9777e6b0c11a34861aa8_s390x",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:e3a51d2bdc632b8376e28c33e9d4fac3464e3a84a313a17246b1f1cf21cb5710_arm64",
            "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:ea07da04f06df6bf0d9dd981a3795dfdb51eca83f59a6291114650e3e98a9e71_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:167ee6a645c7397bde3d12e9b9685279505c25ffb3bda11ae68bdf0b34229f2e_amd64",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4a029733337b10bb9fb8d98c91abc5451ca0b98713c8f2271a675251e025b6c0_s390x",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:812f4380024dc3df42310ad14d173d390f2bdf4b3dbdb02550c00552534f79ce_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:958ba6856cc76fc77d34a9c78888eb37b9c39b83a2f044ef2337610560ba9323_arm64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:043e4d3481fbfedf3115e18fade3a2f33b891b0d9a641bf973c2c7f492cb0489_amd64",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:4fe26adac10cf20b83812e4fa513231d7e1fd4b6cd4e09d4fd425c391885cfcc_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85827db708c0927027435b05732cc7e34b0675eaa86665c91efacc76aecd6227_s390x",
            "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:a5285db276a5545fdbaa9f0743a49ba72ce1c5da61b5cccc9422320a03e08bea_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:0b28415b8115ff3216002faa5c9ecf3c46995085e3364c8028cb544cb4787ed2_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:7016e867ddfe970d6d2d54d5615e8f613786bcfbfe52ebf3139c07da3d5a53db_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:94c435f45e9dbd9fa633e137356cfb1d6ac2d4dd7574b359367665da42d6203d_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:d24afbc9228ef7f3d0a6fd716a3a57abde88a1f65d149c7df4f959a775b670bd_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:40d4989b4733f54a01a73831fa00b12e49fff69c75138902eac0d894d432e4d9_arm64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:b444af35118c24bde0dfa2a8825ba427b3345451f6081133477254213a3460f0_amd64",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:cfe410d498940a95da631ea213866a96a119034d78d5d53f7f9c7e8da56e0f45_s390x",
            "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:f7979c82140a0ab1a97c9f3151465bfbd9f79c4db9b0cc20f974cd7b890f074f_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:02cceda51028eb55a3b82aa5275f03dbaf8f8f9ab3fd27c650d1a07a93044e37_amd64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:0f1be625b4012820f7ac439fed000808d7acb4e885ace16014461bf802be935a_s390x",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:28f45a80846c5e11638fb479be42cafcb2bdb3af94dff3629a820de295cbe31d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:df7de1e9f5a4396df6f14b1c4b6bb2a9ae4bc50d82cbc954ec535c26e8df2cb1_arm64",
            "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:f8a35557c9eb27f703ffa9320a9d39a2361d93fdb0b8c874d97da458048e7eec_amd64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:178fcf44e6a1fa90d27a40565f69ae2880622b017bc8d9e33a441353eb45609d_arm64",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:7b0c2c99cf0f710166b749dbfd7f544caf5fe35516c743fca251c7cec896e1d6_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:9c4959525339b607a98889d56f4c26f2e4af25032466c439903a7f1cb593f721_s390x",
            "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a967d5be7d3a6fdd75965a5f9a7396a52cdcb37d6a8521c440b0b5c650c230f2_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:1b106af51bb50f1ce4db13ebbf6f6c67eae45611c0d5dc46476f1dfaa8aca166_arm64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:92ddf24824c8f8ae93dec07184c446615b635389472d3a525df72da07c8d9b97_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9fd0c5df785564b35392705a479d6fb9245e3329719438c76c0282f9ef2f2d55_amd64",
            "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:be8ba0e4c5f24c7b4549700a25c89b10d4b2fc0b0e3888163bb53827914e95c1_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48bb136d11b44428c87489978873370848ac2b219b107ef7e81ab679db095234_s390x",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:48f0317d167710ff5b0787c73f6b7dd0249e7c8d2d001159132a97299c30b62d_ppc64le",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:bde21c03fb831d01e85b28245881f7e3f2bb2ef6d2671eb92b2e0cc4bd3898e2_arm64",
            "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:cc6b9c6a344aac56c99c96b5120ffe2dad479000b34964ff89d030ae762bda43_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: use of deeply nested arrays"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-42003 (GCVE-0-2022-42003)

Solutions

Solutions

Tags

Sightings

Nomenclature