Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-27304
Vulnerability from cvelistv5
Published
2024-03-06 19:07
Modified
2024-12-12 20:52
Severity ?
EPSS score ?
Summary
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:jackc:pgx:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pgx", "vendor": "jackc", "versions": [ { "lessThan": "4.18.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:jackc:pgx:5.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pgx", "vendor": "jackc", "versions": [ { "lessThan": "5.5.4", "status": "affected", "version": "5.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27304", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T20:31:57.168692Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-25T16:31:36.133Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:27:59.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv" }, { "name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8" }, { "name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007" }, { "name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4" }, { "name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8" }, { "name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pgx", "vendor": "jackc", "versions": [ { "status": "affected", "version": "\u003c 4.18.2" }, { "status": "affected", "version": "\u003e= 5.0.0, \u003c 5.5.4" } ] } ], "descriptions": [ { "lang": "en", "value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T20:52:24.821Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv" }, { "name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8" }, { "name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007" }, { "name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4" }, { "name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8" }, { "name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" }, { "name": "https://www.youtube.com/watch?v=Tfg1B8u1yvE", "tags": [ "x_refsource_MISC" ], "url": "https://www.youtube.com/watch?v=Tfg1B8u1yvE" } ], "source": { "advisory": "GHSA-mrww-27vc-gghv", "discovery": "UNKNOWN" }, "title": "pgx SQL Injection via Protocol Message Size Overflow" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27304", "datePublished": "2024-03-06T19:07:08.491Z", "dateReserved": "2024-02-22T18:08:38.875Z", "dateUpdated": "2024-12-12T20:52:24.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-27304\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-06T19:15:08.767\",\"lastModified\":\"2024-12-12T21:15:07.677\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.\"},{\"lang\":\"es\",\"value\":\"pgx es un controlador PostgreSQL y un conjunto de herramientas para Go. La inyecci\u00f3n de SQL puede ocurrir si un atacante puede hacer que una sola consulta o mensaje de enlace supere los 4 GB de tama\u00f1o. Un desbordamiento de enteros en el tama\u00f1o del mensaje calculado puede provocar que un mensaje grande se env\u00ede como varios mensajes bajo el control del atacante. El problema se resuelve en v4.18.2 y v5.5.4. Como soluci\u00f3n alternativa, rechace la entrada del usuario lo suficientemente grande como para provocar que una sola consulta o mensaje vinculado supere los 4 GB de tama\u00f1o.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"},{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"references\":[{\"url\":\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.youtube.com/watch?v=Tfg1B8u1yvE\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2024_1321
Vulnerability from csaf_redhat
Published
2024-03-13 20:55
Modified
2024-12-17 20:48
Summary
Red Hat Security Advisory: ACS 4.3 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes bug and security fixes.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
This release of RHACS 4.3.5 provides the following bug fix:
* Fixed an issue where an upgrade to RHACS 4.3 from a previous version caused the Central component to enter a crash loop.
It provides the following security fixes:
* pgx: SQL Injection via Protocol Message Size Overflow (CVE-2024-27304)
* pgx: SQL Injection via Line Comment Creation (CVE-2024-27289)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes bug and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of RHACS 4.3.5 provides the following bug fix:\n\n* Fixed an issue where an upgrade to RHACS 4.3 from a previous version caused the Central component to enter a crash loop.\n\nIt provides the following security fixes:\n\n* pgx: SQL Injection via Protocol Message Size Overflow (CVE-2024-27304)\n* pgx: SQL Injection via Line Comment Creation (CVE-2024-27289)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1321", "url": "https://access.redhat.com/errata/RHSA-2024:1321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2268269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268269" }, { "category": "external", "summary": "2268465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268465" }, { "category": "external", "summary": "ROX-23133", "url": "https://issues.redhat.com/browse/ROX-23133" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1321.json" } ], "title": "Red Hat Security Advisory: ACS 4.3 enhancement and security update", "tracking": { "current_release_date": "2024-12-17T20:48:37+00:00", "generator": { "date": "2024-12-17T20:48:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:1321", "initial_release_date": "2024-03-13T20:55:36+00:00", "revision_history": [ { "date": "2024-03-13T20:55:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-03-13T20:55:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T20:48:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 4.3 for RHEL 8", "product": { "name": "RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.5-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.5-3" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.5-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.5-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.5-1" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.5-3" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64 as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "relates_to_product_reference": "8Base-RHACS-4.3" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le as a component of RHACS 4.3 for RHEL 8", "product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-27289", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2024-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268465" } ], "notes": [ { "category": "description", "text": "A flaw was found in pgx. SQL injection can occur when all of the following conditions are met in versions before 4.18.2 of pgx.\u00a0\r\n- The non-default simple protocol is used\r\n- A placeholder for a numeric value must be immediately preceded by a minus\r\n- There must be a second placeholder for a string value after the first placeholder\r\n- Both must be on the same line\r\n- Both parameter values must be user-controlled", "title": "Vulnerability description" }, { "category": "summary", "text": "pgx: SQL Injection via Line Comment Creation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-27289" }, { "category": "external", "summary": "RHBZ#2268465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27289", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27289" }, { "category": "external", "summary": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" }, { "category": "external", "summary": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2605", "url": "https://pkg.go.dev/vuln/GO-2024-2605" } ], "release_date": "2024-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-13T20:55:36+00:00", "details": "If you are using an earlier version of RHACS 4.3, you are advised to upgrade to patch release 4.3.5.", "product_ids": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1321" }, { "category": "workaround", "details": "A possible mitigation is to not use the simple protocol or do not place a minus directly before a placeholder.", "product_ids": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pgx: SQL Injection via Line Comment Creation" }, { "cve": "CVE-2024-27304", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268269" } ], "notes": [ { "category": "description", "text": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.", "title": "Vulnerability description" }, { "category": "summary", "text": "pgx: SQL Injection via Protocol Message Size Overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-27304" }, { "category": "external", "summary": "RHBZ#2268269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268269" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-27304", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27304" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-13T20:55:36+00:00", "details": "If you are using an earlier version of RHACS 4.3, you are advised to upgrade to patch release 4.3.5.", "product_ids": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:17afebb6840002a1d56b22dd943061345a1eb8997d57572f1715706a708a0a94_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2113a95c5a4d08d51c542121ae0e7be26761a4883f371b89a84ca604c662ba34_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a2bbd43de9ad33f9daa04600dd2dc7e17ff7919c09bc56ca466af2332c867876_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:4ee4e4314d7044b567c0d914a873ef19d6290136524250d71707824ab50a6771_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:5fcc7a9793106c6ee9fad1d3181dd3a418c79defd389ad2f79dac540b61ecebe_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:f2ca25a0d7ce845607c96077b896718a82f92810c90eec616b101a444180c2c4_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:23a88ee59f0c47503fa8ab6832e980121622f75abcc70734cf243299209cdd16_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2483c98f0d789d2f2b4ed9183ae38433bc5069d7ed59847a06b68f0994cadfd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:812df7cb4f9c976cd6869c82e0089969ff9c8492b4d9275c3dd2531e1e9beb75_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:362fe0f627380cbf5ead83c3e57400ca831d6d4d26ab416c17123d345de1a075_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:a1ccf6a8ffc1d2d6a6d04528353fbb4f3f0c039b546f439885c26364d5e3d1de_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:edf704674e62f8651e78e1d2b916f36a3d6cad191d3366b97b0e6b9da2c908a1_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:5f2ad23bcf5d96c9cee2789f21df29ba7a63ddabf09140cecdcc21f04ea7cfcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:c1e7a5e80831c5f078e1aa26e57870aec1949c148f02c255e76a7a98c01099d7_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:e82ef850c57e49eab2d9b4d24e4892c23939ba0b3158bf37000f6f70c0843bd7_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:18468f5da200cfaf17e2f0c45066aa58141d63e4d622d35c06b4ca9d74812232_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:debc2bcf0938e41a61e48547d34ebecea2f5696cf4ef7c28577d4e30c52adee0_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:f6e627cf9449bdc8003c636db8966c0076e51f071124764f26ffb94449d9e69f_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:87bd0d8ae7c5f217f181df81188fff1e1c1f5c06a040a6e376fb26522a3c13d8_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9a1438591ff32bcce16badc7630e5d330f7b7bd453896c79589061686f8f04a9_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b1f1169ba6a7b36297db7cf495ee18d3eb32c3ee3882cdb470f13146aea056fb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:a3f2bc6b6e06314238a9e030c9bc9b640c0ad71709030863ddebcfe7bf12ea1d_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:aa05620232be93fea76d2ca7aa3be5d0db4153cad4e718ab4ed91b8964d52dde_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:eec6502d809be469d4b0b310ef1fed9fe9c59ea3ecc6583ab8893b58814f5a9d_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:605af3ee40fa2a179c369cff28563908cf3b420651c7aef8eef3837977299903_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:82609a23ba6e2b6c819daaddb330c3e1b7ff0f5e16630ebb6e3db0a9af236f88_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:fa03464d54bf4d31623faae0566b2553f42680b60b4e803d175f898048087bcb_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:136f2a4ed9ee5ebbcb9d74ab0a3eb2c65d3a2b53f9eefaae65bed7b6e11617bb_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1ae645988b18f220896c3c57c45e83dfca1ba13ab531543eddd7b85bbdd41ac6_ppc64le", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:284fe7202809723ce52fc3d802927453e6c1943f79ce0761b5f86a8150324cba_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:0fd9c60d08bc078d18bf15243d13e284fc6e794187240a9414d3afde69a43c0f_s390x", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:be0cf8eec9290414cd532be40f1916e977dbd82625ee09f7d45b48172221f6b3_amd64", "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:f0d9e9e8c32dd905e2304dfb686114b3430b6babc88f2abaafd7569403870f52_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pgx: SQL Injection via Protocol Message Size Overflow" } ] }
gsd-2024-27304
Vulnerability from gsd
Modified
2024-02-23 06:03
Details
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-27304" ], "details": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.", "id": "GSD-2024-27304", "modified": "2024-02-23T06:03:43.566567Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-27304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "pgx", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 4.18.2" }, { "version_affected": "=", "version_value": "\u003e= 5.0.0, \u003c 5.5.4" } ] } } ] }, "vendor_name": "jackc" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-89", "lang": "eng", "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" } ] }, { "description": [ { "cweId": "CWE-190", "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv", "refsource": "MISC", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv" }, { "name": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8", "refsource": "MISC", "url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8" }, { "name": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007", "refsource": "MISC", "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007" }, { "name": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4", "refsource": "MISC", "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4" }, { "name": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8", "refsource": "MISC", "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8" }, { "name": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df", "refsource": "MISC", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" } ] }, "source": { "advisory": "GHSA-mrww-27vc-gghv", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size." } ], "id": "CVE-2024-27304", "lastModified": "2024-03-06T21:42:48.053", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-03-06T19:15:08.767", "references": [ { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007" }, { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8" }, { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4" }, { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8" }, { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" }, { "source": "security-advisories@github.com", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-89" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
WID-SEC-W-2024-0626
Vulnerability from csaf_certbund
Published
2024-03-13 23:00
Modified
2024-03-13 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0626 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0626.json" }, { "category": "self", "summary": "WID-SEC-2024-0626 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0626" }, { "category": "external", "summary": "RedHatSecurity Advisory vom 2024-03-13", "url": "https://access.redhat.com/errata/RHSA-2024:1321" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Manipulation von Dateien", "tracking": { "current_release_date": "2024-03-13T23:00:00.000+00:00", "generator": { "date": "2024-03-14T09:35:58.123+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0626", "initial_release_date": "2024-03-13T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Advanced Cluster Security \u003c 4.3", "product": { "name": "Red Hat Enterprise Linux Advanced Cluster Security \u003c 4.3", "product_id": "T033490", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security__4.3" } } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-27304", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf mehrere Anf\u00e4lligeiten f\u00fcr SQL-Injections zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um eine SQL-Injection durchzuf\u00fchren." } ], "release_date": "2024-03-13T23:00:00Z", "title": "CVE-2024-27304" }, { "cve": "CVE-2024-27289", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf mehrere Anf\u00e4lligeiten f\u00fcr SQL-Injections zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um eine SQL-Injection durchzuf\u00fchren." } ], "release_date": "2024-03-13T23:00:00Z", "title": "CVE-2024-27289" } ] }
wid-sec-w-2024-0626
Vulnerability from csaf_certbund
Published
2024-03-13 23:00
Modified
2024-03-13 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0626 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0626.json" }, { "category": "self", "summary": "WID-SEC-2024-0626 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0626" }, { "category": "external", "summary": "RedHatSecurity Advisory vom 2024-03-13", "url": "https://access.redhat.com/errata/RHSA-2024:1321" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen Manipulation von Dateien", "tracking": { "current_release_date": "2024-03-13T23:00:00.000+00:00", "generator": { "date": "2024-03-14T09:35:58.123+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0626", "initial_release_date": "2024-03-13T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Advanced Cluster Security \u003c 4.3", "product": { "name": "Red Hat Enterprise Linux Advanced Cluster Security \u003c 4.3", "product_id": "T033490", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security__4.3" } } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-27304", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf mehrere Anf\u00e4lligeiten f\u00fcr SQL-Injections zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um eine SQL-Injection durchzuf\u00fchren." } ], "release_date": "2024-03-13T23:00:00Z", "title": "CVE-2024-27304" }, { "cve": "CVE-2024-27289", "notes": [ { "category": "description", "text": "In Red Hat Enterprise Linux existieren mehrere Schwachstellen. Diese sind auf mehrere Anf\u00e4lligeiten f\u00fcr SQL-Injections zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um eine SQL-Injection durchzuf\u00fchren." } ], "release_date": "2024-03-13T23:00:00Z", "title": "CVE-2024-27289" } ] }
ghsa-mrww-27vc-gghv
Vulnerability from github
Published
2024-03-04 20:43
Modified
2024-12-12 22:30
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
8.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
Summary
pgx SQL Injection via Protocol Message Size Overflow
Details
Impact
SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control.
Patches
The problem is resolved in v4.18.2 and v5.5.4.
Workarounds
Reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/jackc/pgx" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.18.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/jackc/pgx" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.5.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/jackc/pgx/v4" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.18.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Go", "name": "github.com/jackc/pgx/v5" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.5.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-27304" ], "database_specific": { "cwe_ids": [ "CWE-190", "CWE-89" ], "github_reviewed": true, "github_reviewed_at": "2024-03-04T20:43:24Z", "nvd_published_at": "2024-03-06T19:15:08Z", "severity": "HIGH" }, "details": "### Impact\n\nSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker\u0027s control.\n\n### Patches\n\nThe problem is resolved in v4.18.2 and v5.5.4.\n\n### Workarounds\n\nReject user input large enough to cause a single query or bind message to exceed 4 GB in size.\n", "id": "GHSA-mrww-27vc-gghv", "modified": "2024-12-12T22:30:36Z", "published": "2024-03-04T20:43:24Z", "references": [ { "type": "WEB", "url": "https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8" }, { "type": "WEB", "url": "https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27304" }, { "type": "WEB", "url": "https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007" }, { "type": "WEB", "url": "https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4" }, { "type": "WEB", "url": "https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8" }, { "type": "WEB", "url": "https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df" }, { "type": "PACKAGE", "url": "https://github.com/jackc/pgx" }, { "type": "WEB", "url": "https://www.youtube.com/watch?v=Tfg1B8u1yvE" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "type": "CVSS_V4" } ], "summary": "pgx SQL Injection via Protocol Message Size Overflow" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.