Action not permitted
Modal body text goes here.
cve-2018-3728
Vulnerability from cvelistv5
Published
2018-03-30 19:00
Modified
2024-08-05 04:50
Severity ?
EPSS score ?
Summary
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/103108 | Third Party Advisory, VDB Entry | |
| support@hackerone.com | https://access.redhat.com/errata/RHSA-2018:1263 | Third Party Advisory | |
| support@hackerone.com | https://access.redhat.com/errata/RHSA-2018:1264 | Third Party Advisory | |
| support@hackerone.com | https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/310439 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://nodesecurity.io/advisories/566 | Broken Link | |
| support@hackerone.com | https://snyk.io/vuln/npm:hoek:20180212 | Exploit, Patch, Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| hapi | hoek node module |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/310439"
},
{
"name": "103108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103108"
},
{
"name": "RHSA-2018:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2018:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hoek node module",
"vendor": "hapi",
"versions": [
{
"status": "affected",
"version": "Versions before 5.0.3"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "Modification of Assumed-Immutable Data (MAID) (CWE-471)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-02T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/310439"
},
{
"name": "103108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103108"
},
{
"name": "RHSA-2018:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2018:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodesecurity.io/advisories/566"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-3728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hoek node module",
"version": {
"version_data": [
{
"version_value": "Versions before 5.0.3"
}
]
}
}
]
},
"vendor_name": "hapi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee",
"refsource": "CONFIRM",
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"name": "https://hackerone.com/reports/310439",
"refsource": "MISC",
"url": "https://hackerone.com/reports/310439"
},
{
"name": "103108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103108"
},
{
"name": "RHSA-2018:1264",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2018:1263",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"name": "https://snyk.io/vuln/npm:hoek:20180212",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"name": "https://nodesecurity.io/advisories/566",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/566"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2018-3728",
"datePublished": "2018-03-30T19:00:00",
"dateReserved": "2017-12-28T00:00:00",
"dateUpdated": "2024-08-05T04:50:30.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3728\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2018-03-30T19:29:00.210\",\"lastModified\":\"2019-10-09T23:40:33.200\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \\\"Object\\\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo hoek en Node en versiones anteriores a la 5.0.3 se ve afectada por una vulnerabilidad MAID (modificaci\u00f3n de datos asumidos como inmutables) mediante las funciones \\\"merge\\\" y \\\"applyToDefaults\\\", lo que permite que un usuario malicioso modifique el prototipo de \\\"Object\\\" mediante __proto__, provocando la adici\u00f3n o modificaci\u00f3n de una propiedad existente que va a existir en todos los objetos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-471\"}]},{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-471\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hapijs:hoek:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.2.0\",\"matchCriteriaId\":\"95E7F4B8-573D-417C-8591-CD4CF7B5EF14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hapijs:hoek:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.3\",\"matchCriteriaId\":\"92E82C0D-613B-4A5E-A9E6-5F21FDCA25EE\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103108\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1263\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1264\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/310439\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nodesecurity.io/advisories/566\",\"source\":\"support@hackerone.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://snyk.io/vuln/npm:hoek:20180212\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
ghsa-jp4x-w63m-7wgm
Vulnerability from github
Published
2018-04-26 15:25
Modified
2023-09-13 19:42
Severity ?
Summary
Prototype Pollution in hoek
Details
Versions of hoek prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.
The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created from a JSON string containing the __proto__ property.
This can be demonstrated like so:
```javascript var Hoek = require('hoek'); var malicious_payload = '{"proto":{"oops":"It works !"}}';
var a = {}; console.log("Before : " + a.oops); Hoek.merge({}, JSON.parse(malicious_payload)); console.log("After : " + a.oops); ```
This type of attack can be used to overwrite existing properties causing a potential denial of service.
Recommendation
Update to version 4.2.1, 5.0.3 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hoek"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "hoek"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-3728"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:43:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.\n\nThe `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property.\n\nThis can be demonstrated like so:\n\n```javascript\nvar Hoek = require(\u0027hoek\u0027);\nvar malicious_payload = \u0027{\"__proto__\":{\"oops\":\"It works !\"}}\u0027;\n\nvar a = {};\nconsole.log(\"Before : \" + a.oops);\nHoek.merge({}, JSON.parse(malicious_payload));\nconsole.log(\"After : \" + a.oops);\n```\n\nThis type of attack can be used to overwrite existing properties causing a potential denial of service.\n\n\n## Recommendation\n\nUpdate to version 4.2.1, 5.0.3 or later.",
"id": "GHSA-jp4x-w63m-7wgm",
"modified": "2023-09-13T19:42:48Z",
"published": "2018-04-26T15:25:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
},
{
"type": "WEB",
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/310439"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jp4x-w63m-7wgm"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/566"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in hoek"
}
rhsa-2021_3917
Vulnerability from csaf_redhat
Published
2021-10-19 12:09
Modified
2024-09-14 01:23
Summary
Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update
Notes
Topic
An update is now available for Red Hat Quay 3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Quay 3.6.0 release
Security Fix(es):
* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)
* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)
* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)
* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)
* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)
* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)
* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)
* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)
* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)
* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)
* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)
* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)
* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)
* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)
* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)
* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)
* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)
* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)
* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)
* python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)
* lodash: Prototype pollution in utilities function (CVE-2018-3721)
* hoek: Prototype pollution in utilities function (CVE-2018-3728)
* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)
* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Quay 3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3917",
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1500700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
},
{
"category": "external",
"summary": "1500705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
},
{
"category": "external",
"summary": "1545884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
},
{
"category": "external",
"summary": "1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "1546357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
},
{
"category": "external",
"summary": "1547272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
},
{
"category": "external",
"summary": "1608140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
},
{
"category": "external",
"summary": "1743096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
},
{
"category": "external",
"summary": "1840004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
},
{
"category": "external",
"summary": "1857412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
},
{
"category": "external",
"summary": "1857977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
},
{
"category": "external",
"summary": "1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "1901662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
},
{
"category": "external",
"summary": "1915257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
},
{
"category": "external",
"summary": "1915420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
},
{
"category": "external",
"summary": "1915424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
},
{
"category": "external",
"summary": "1927293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
},
{
"category": "external",
"summary": "1934470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
},
{
"category": "external",
"summary": "1934474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
},
{
"category": "external",
"summary": "1934680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
},
{
"category": "external",
"summary": "1934685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
},
{
"category": "external",
"summary": "1934692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
},
{
"category": "external",
"summary": "1934699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
},
{
"category": "external",
"summary": "1934705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
},
{
"category": "external",
"summary": "1935384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
},
{
"category": "external",
"summary": "1935396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
},
{
"category": "external",
"summary": "1935401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
},
{
"category": "external",
"summary": "1940759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
},
{
"category": "external",
"summary": "1948763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
},
{
"category": "external",
"summary": "1954150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
},
{
"category": "external",
"summary": "1955619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
},
{
"category": "external",
"summary": "1982378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
},
{
"category": "external",
"summary": "PROJQUAY-1417",
"url": "https://issues.redhat.com/browse/PROJQUAY-1417"
},
{
"category": "external",
"summary": "PROJQUAY-1449",
"url": "https://issues.redhat.com/browse/PROJQUAY-1449"
},
{
"category": "external",
"summary": "PROJQUAY-1535",
"url": "https://issues.redhat.com/browse/PROJQUAY-1535"
},
{
"category": "external",
"summary": "PROJQUAY-1583",
"url": "https://issues.redhat.com/browse/PROJQUAY-1583"
},
{
"category": "external",
"summary": "PROJQUAY-1609",
"url": "https://issues.redhat.com/browse/PROJQUAY-1609"
},
{
"category": "external",
"summary": "PROJQUAY-1610",
"url": "https://issues.redhat.com/browse/PROJQUAY-1610"
},
{
"category": "external",
"summary": "PROJQUAY-1791",
"url": "https://issues.redhat.com/browse/PROJQUAY-1791"
},
{
"category": "external",
"summary": "PROJQUAY-1883",
"url": "https://issues.redhat.com/browse/PROJQUAY-1883"
},
{
"category": "external",
"summary": "PROJQUAY-1887",
"url": "https://issues.redhat.com/browse/PROJQUAY-1887"
},
{
"category": "external",
"summary": "PROJQUAY-1926",
"url": "https://issues.redhat.com/browse/PROJQUAY-1926"
},
{
"category": "external",
"summary": "PROJQUAY-1998",
"url": "https://issues.redhat.com/browse/PROJQUAY-1998"
},
{
"category": "external",
"summary": "PROJQUAY-2050",
"url": "https://issues.redhat.com/browse/PROJQUAY-2050"
},
{
"category": "external",
"summary": "PROJQUAY-2100",
"url": "https://issues.redhat.com/browse/PROJQUAY-2100"
},
{
"category": "external",
"summary": "PROJQUAY-2102",
"url": "https://issues.redhat.com/browse/PROJQUAY-2102"
},
{
"category": "external",
"summary": "PROJQUAY-672",
"url": "https://issues.redhat.com/browse/PROJQUAY-672"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3917.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-09-14T01:23:23+00:00",
"generator": {
"date": "2024-09-14T01:23:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2021:3917",
"initial_release_date": "2021-10-19T12:09:35+00:00",
"revision_history": [
{
"date": "2021-10-19T12:09:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-10-19T12:09:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-14T01:23:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Quay v3",
"product": {
"name": "Quay v3",
"product_id": "8Base-Quay-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"product": {
"name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"product_id": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=v3.6.0-35"
}
}
},
{
"category": "product_version",
"name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"product": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"product_id": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=v3.6.0-40"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"product": {
"name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"product_id": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=v3.6.0-44"
}
}
},
{
"category": "product_version",
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"product": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"product_id": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=v3.6.0-45"
}
}
},
{
"category": "product_version",
"name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"product": {
"name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"product_id": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=v3.6.0-70"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"product": {
"name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"product_id": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=v3.6.0-37"
}
}
},
{
"category": "product_version",
"name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"product": {
"name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"product_id": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=v3.6.0-44"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"product": {
"name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"product_id": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=v3.6.0-48"
}
}
},
{
"category": "product_version",
"name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"product": {
"name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"product_id": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=v3.6.0-43"
}
}
},
{
"category": "product_version",
"name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
"product": {
"name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
"product_id": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=v3.6.0-62"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64"
},
"product_reference": "quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64"
},
"product_reference": "quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64"
},
"product_reference": "quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64"
},
"product_reference": "quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64"
},
"product_reference": "quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64"
},
"product_reference": "quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64"
},
"product_reference": "quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64"
},
"product_reference": "quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
},
"product_reference": "quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"relates_to_product_reference": "8Base-Quay-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64 as a component of Quay v3",
"product_id": "8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
},
"product_reference": "quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64",
"relates_to_product_reference": "8Base-Quay-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16137",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500705"
}
],
"notes": [
{
"category": "description",
"text": "The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-debug: Regular expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of rh-nodejs4-nodejs-debug, rh-nodejs6-nodejs-debug, and rh-nodejs8-nodejs-debug as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of nodejs-debug as a part of the ovirt-engine-api-explorer package. This package is removed in Red Hat Virtualization 4.3.\n\nRed Hat Quay includes the debug library as a dependency of karma-webpack. It is only used at build time, and not runtime so its impact is reduce to low in Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16137"
},
{
"category": "external",
"summary": "RHBZ#1500705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16137"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-debug: Regular expression Denial of Service"
},
{
"cve": "CVE-2017-16138",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-09-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1500700"
}
],
"notes": [
{
"category": "description",
"text": "The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-mime: Regular expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contained a vulnerable version of nodejs-mime in the ovirt-engine-dashboard package. This package has been removed in Red Hat Virtualization 4.2.\n\nRed Hat Quay includes mime as a dependency of Karma. It\u0027s only used at build time, not runtime so this vulnerability has a low impact of Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16138"
},
{
"category": "external",
"summary": "RHBZ#1500700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16138",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16138"
},
{
"category": "external",
"summary": "https://nodesecurity.io/advisories/535",
"url": "https://nodesecurity.io/advisories/535"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-mime: Regular expression Denial of Service"
},
{
"cve": "CVE-2018-1107",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1546357"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Quay the is-my-json-valid library is included as a build time dependency of protractor. It\u0027s only used at build time, not at runtime reducing the impact to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1107"
},
{
"category": "external",
"summary": "RHBZ#1546357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1107"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/npm:is-my-json-valid:20180214",
"url": "https://snyk.io/vuln/npm:is-my-json-valid:20180214"
}
],
"release_date": "2018-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format"
},
{
"cve": "CVE-2018-1109",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1547272"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes braces as a dependency of webpack. Braces is only used at build time, not at runtime, reducing the impact of this vulnerability to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1109"
},
{
"category": "external",
"summary": "RHBZ#1547272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1109"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/npm:braces:20180219",
"url": "https://snyk.io/vuln/npm:braces:20180219"
}
],
"release_date": "2018-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js"
},
{
"cve": "CVE-2018-3721",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1545884"
}
],
"notes": [
{
"category": "description",
"text": "lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Prototype pollution in utilities function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms version 4.7 does not ship component lodash, so isn\u0027t affected by this flaw.\n\nRed Hat Virtualization 4.2 EUS includes a vulnerable version of lodash as part of the ovirt-engine-dashboard package. This package has been removed from Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3721"
},
{
"category": "external",
"summary": "RHBZ#1545884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3721"
}
],
"release_date": "2018-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "lodash: Prototype pollution in utilities function"
},
{
"cve": "CVE-2018-3728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1545893"
}
],
"notes": [
{
"category": "description",
"text": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hoek: Prototype pollution in utilities function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes hoek as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3728"
},
{
"category": "external",
"summary": "RHBZ#1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3728",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
}
],
"release_date": "2018-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hoek: Prototype pollution in utilities function"
},
{
"cve": "CVE-2018-3774",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-08-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1940759"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-url-parse: incorrect hostname in url parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3774"
},
{
"category": "external",
"summary": "RHBZ#1940759",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940759"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-url-parse: incorrect hostname in url parsing"
},
{
"cve": "CVE-2018-16492",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1608140"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in module extend \u003c2.0.2, ~\u003c3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-extend: Prototype pollution can allow attackers to modify object properties",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes \u0027extend\u0027 as a build time dependency. It\u0027s not used at runtime reducing the impact of this vulnerability to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-16492"
},
{
"category": "external",
"summary": "RHBZ#1608140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-16492",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16492"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/npm:extend:20180424",
"url": "https://snyk.io/vuln/npm:extend:20180424"
}
],
"release_date": "2018-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-extend: Prototype pollution can allow attackers to modify object properties"
},
{
"cve": "CVE-2018-21270",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-12-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay include stringstream as a dependency of Karma. Karma is only used at build time, and not at runtime reducing the impact of this vulnerability to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-21270"
},
{
"category": "external",
"summary": "RHBZ#1927293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-21270"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21270"
}
],
"release_date": "2020-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure"
},
{
"cve": "CVE-2019-20920",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20920"
},
{
"category": "external",
"summary": "RHBZ#1882260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1316",
"url": "https://www.npmjs.com/advisories/1316"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1324",
"url": "https://www.npmjs.com/advisories/1324"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution"
},
{
"cve": "CVE-2019-20922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1882256"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extentions, the version used is newer and not affected by this flaw. In the ovirt-web-ui,Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20922"
},
{
"category": "external",
"summary": "RHBZ#1882256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1300",
"url": "https://www.npmjs.com/advisories/1300"
}
],
"release_date": "2019-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS"
},
{
"cve": "CVE-2019-1010266",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-07-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1743096"
}
],
"notes": [
{
"category": "description",
"text": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: uncontrolled resource consumption in Data handler causing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-1010266"
},
{
"category": "external",
"summary": "RHBZ#1743096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743096"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-1010266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010266"
}
],
"release_date": "2019-04-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "lodash: uncontrolled resource consumption in Data handler causing denial of service"
},
{
"cve": "CVE-2020-7608",
"cwe": {
"id": "CWE-267",
"name": "Privilege Defined With Unsafe Actions"
},
"discovery_date": "2020-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1840004"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in nodesjs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a \"__proto__\" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-yargs-parser: prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7608"
},
{
"category": "external",
"summary": "RHBZ#1840004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7608"
}
],
"release_date": "2020-03-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-yargs-parser: prototype pollution vulnerability"
},
{
"cve": "CVE-2020-8203",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1857412"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: prototype pollution in zipObjectDeep function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and Red Hat OpenShift Container Platform (RHOCP), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-lodash library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nRed Hat Virtualization uses vulnerable version of nodejs-lodash, however zipObjectDeep is not used, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8203"
},
{
"category": "external",
"summary": "RHBZ#1857412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8203"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/712065",
"url": "https://hackerone.com/reports/712065"
},
{
"category": "external",
"summary": "https://www.npmjs.com/advisories/1523",
"url": "https://www.npmjs.com/advisories/1523"
}
],
"release_date": "2020-04-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: prototype pollution in zipObjectDeep function"
},
{
"cve": "CVE-2020-15366",
"cwe": {
"id": "CWE-471",
"name": "Modification of Assumed-Immutable Data (MAID)"
},
"discovery_date": "2020-07-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1857977"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-ajv library to authenticated users only, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15366"
},
{
"category": "external",
"summary": "RHBZ#1857977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857977"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15366"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-AJV-584908",
"url": "https://snyk.io/vuln/SNYK-JS-AJV-584908"
}
],
"release_date": "2020-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function"
},
{
"cve": "CVE-2020-26237",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-11-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1901662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object\u0027s prototype during highlighting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-highlight-js: prototype pollution via a crafted HTML code block",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Virtualization, ovirt-engine-api-explorer uses a vulnerable version of highlight.js, however since release 4.4.3 ovirt-engine-api-explorer is obsoleted and no longer used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26237"
},
{
"category": "external",
"summary": "RHBZ#1901662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26237",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26237"
},
{
"category": "external",
"summary": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx",
"url": "https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx"
}
],
"release_date": "2020-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-highlight-js: prototype pollution via a crafted HTML code block"
},
{
"cve": "CVE-2020-26291",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1915257"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urijs. The hostname can be spoofed by using a backslash (`\\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urijs: Hostname spoofing via backslashes in URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26291"
},
{
"category": "external",
"summary": "RHBZ#1915257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26291"
},
{
"category": "external",
"summary": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155",
"url": "https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155"
},
{
"category": "external",
"summary": "https://github.com/medialize/URI.js/releases/tag/v1.19.4",
"url": "https://github.com/medialize/URI.js/releases/tag/v1.19.4"
},
{
"category": "external",
"summary": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg",
"url": "https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/urijs",
"url": "https://www.npmjs.com/package/urijs"
}
],
"release_date": "2020-12-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urijs: Hostname spoofing via backslashes in URL"
},
{
"cve": "CVE-2020-35653",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1915420"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. The PcxDecode in Pillow has a buffer over-read when decoding a crafted PCX file due to the user-supplied stride value trusted for buffer calculations. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Buffer over-read in PCX image reader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-35653"
},
{
"category": "external",
"summary": "RHBZ#1915420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915420"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-35653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35653"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35653"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
}
],
"release_date": "2021-01-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-pillow: Buffer over-read in PCX image reader"
},
{
"cve": "CVE-2020-35654",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-01-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1915424"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-35654"
},
{
"category": "external",
"summary": "RHBZ#1915424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915424"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-35654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35654"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security"
}
],
"release_date": "2021-01-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow"
},
{
"cve": "CVE-2021-23364",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955619"
}
],
"notes": [
{
"category": "description",
"text": "Regular Expression Denial of Service (ReDoS) vulnerability was found in browserslist library. An attacker can use this vulnerability to parse a query which potentially can lead to service degradation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While some components do package a vulnerable version of nodejs browserslist library, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. \nThis applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM)\n - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n\nIn Red Had Quay , whilst a vulnerable version of `browserslist` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23364"
},
{
"category": "external",
"summary": "RHBZ#1955619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23364"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)"
},
{
"cve": "CVE-2021-23368",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948763"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this vulnerability to potentially craft a malicious a long CSS value to process resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-postcss: Regular expression denial of service during source map parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.\n\nIn Red Hat Virtualization a vulnerable version of postcss is used in cockpit-ovirt, ovirt-web-ui and ovirt-engine-ui-extensions. However, it is only used during development and is used to process known CSS content. This flaw has been marked as \"wontfix\" and it may be addressed in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23368"
},
{
"category": "external",
"summary": "RHBZ#1948763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948763"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23368"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-postcss: Regular expression denial of service during source map parsing"
},
{
"cve": "CVE-2021-23382",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954150"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss` when using getAnnotationURL() or loadAnnotation() options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenShift Container Platform (RHOCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-postcss library to authenticated users only, therefore the impact is low.\n\nRed Hat OpenShift Container Platform 4 delivers the kibana package where the nodejs-postcss library is used, but due to the code changing to the container first content the kibana package is marked as wontfix. This may be fixed in the future.\n\nIn Red Had Quay , whilst a vulnerable version of `postcss` is included in the quay-rhel8 container it is a development dependency only, therefor the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23382"
},
{
"category": "external",
"summary": "RHBZ#1954150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954150"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23382"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640",
"url": "https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640"
}
],
"release_date": "2021-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js"
},
{
"cve": "CVE-2021-25289",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "python-pillow as shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw as the flaw was introduced in a newer version than shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-25289"
},
{
"category": "external",
"summary": "RHBZ#1934680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25289"
}
],
"release_date": "2021-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c"
},
{
"cve": "CVE-2021-25290",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Negative-offset memcpy in TIFF image reader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-25290"
},
{
"category": "external",
"summary": "RHBZ#1934685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25290"
}
],
"release_date": "2021-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Negative-offset memcpy in TIFF image reader"
},
{
"cve": "CVE-2021-25291",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934692"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of python-pillow as shipped with Red Hat Enterprise Linux 8 as it does not include the vulnerable code, which was introduced in a newer upstream version than what what shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-25291"
},
{
"category": "external",
"summary": "RHBZ#1934692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934692"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-25291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25291"
}
],
"release_date": "2021-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c"
},
{
"cve": "CVE-2021-25292",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934699"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Regular expression DoS in PDF format parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-25292"
},
{
"category": "external",
"summary": "RHBZ#1934699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-25292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25292"
}
],
"release_date": "2021-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Regular expression DoS in PDF format parser"
},
{
"cve": "CVE-2021-25293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. There is an Out of Bounds Read in SGIRleDecode.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Out-of-bounds read in SGI RLE image reader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-25293"
},
{
"category": "external",
"summary": "RHBZ#1934705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-25293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25293"
}
],
"release_date": "2021-02-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Out-of-bounds read in SGI RLE image reader"
},
{
"cve": "CVE-2021-27515",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2021-03-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934474"
}
],
"notes": [
{
"category": "description",
"text": "An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27515"
},
{
"category": "external",
"summary": "RHBZ#1934474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27515"
}
],
"release_date": "2021-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise"
},
{
"cve": "CVE-2021-27516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-03-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-urijs where URI.js (urijs) mishandles certain uses of the backslash such as http:\\/ and interprets the URI as a relative path. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes the urijs dependency in it\u0027s package.lock file but it\u0027s not used anywhere in the code.\n\nRed Hat Advanced Cluster Management for Kubernetes uses Quay as a service, but not code from Quay that exists in RHACM.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27516"
},
{
"category": "external",
"summary": "RHBZ#1934470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27516"
}
],
"release_date": "2021-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise"
},
{
"cve": "CVE-2021-27921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935384"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Excessive memory allocation in BLP image reader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27921"
},
{
"category": "external",
"summary": "RHBZ#1935384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935384"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27921"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Excessive memory allocation in BLP image reader"
},
{
"cve": "CVE-2021-27922",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Excessive memory allocation in ICNS image reader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27922"
},
{
"category": "external",
"summary": "RHBZ#1935396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27922"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Excessive memory allocation in ICNS image reader"
},
{
"cve": "CVE-2021-27923",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1935401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. Attackers can cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Excessive memory allocation in ICO image reader",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27923"
},
{
"category": "external",
"summary": "RHBZ#1935401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27923"
}
],
"release_date": "2021-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Excessive memory allocation in ICO image reader"
},
{
"cve": "CVE-2021-34552",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1982378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the \"convert()\" or \"ImagingConvertTransparent()\" functions in Convert.c. The highest threat to this vulnerability is to system availability.\r\n\r\nIn Red Hat Quay, a vulnerable version of python-pillow is shipped with quay-registry-container, however the invoice generation feature which uses python-pillow is disabled by default. Therefore impact has been rated Moderate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: Buffer overflow in image convert function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the compiler options used, the buffer overflow is detected and the impact is lowered to a crash only. Additionally, the \"mode\" parameter has to be attacker controlled, which is considered a rare case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"known_not_affected": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34552"
},
{
"category": "external",
"summary": "RHBZ#1982378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34552",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34552"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3917"
},
{
"category": "workaround",
"details": "To mitigate this flaw on Red Hat Quay, keep the invoice generation feature disabled, as it is by default.\n\nRed Hat Satellite 6.9 customers can apply following hotfix to eliminate the vulnerability warnings.\n* Download python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm from https://bugzilla.redhat.com/attachment.cgi?id=1819471\n* Stop services:\n# satellite-maintain service stop\n* Upgrade python2-daemon and remove affected package\n# rpm -Uvh python2-daemon-2.1.2-7.1.HFRHBZ1998199.el7sat.noarch.rpm\n# yum remove python-pillow\n* Restart services:\n# satellite-maintain service start\n\nSatellite 6.10 future release is also fixing this.",
"product_ids": [
"8Base-Quay-3:quay/clair-rhel8@sha256:2cb015d00c209fa894958afccbb5ab03c0cc08d74789412343d40564c790b96d_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-bundle@sha256:89ff146ee1ca5fd079bfc1d1dc2f84d3215edbeb7b540f7dde390d1508133229_amd64",
"8Base-Quay-3:quay/quay-bridge-operator-rhel8@sha256:8ed9531542037756f556ab478b54b216e4ae631d72477dba6784eb75657d3646_amd64",
"8Base-Quay-3:quay/quay-builder-qemu-rhcos-rhel8@sha256:03862af902623b5c0f8ab0ce4bac896624fb0325ff5089e6cc0426f125891e6e_amd64",
"8Base-Quay-3:quay/quay-builder-rhel8@sha256:0125935ef8a605c55c0a68233177f7ee84b9a0bc3331f496945d72c87aa84cb8_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-bundle@sha256:bbb7a3a4cfd9c98df1037c58d3e68e1cd8e554c0af336b08a04a914285c68edb_amd64",
"8Base-Quay-3:quay/quay-container-security-operator-rhel8@sha256:860794203beca60e5961b0e69aae97c7e6d6f7e3867b476d1cc458523ec0804b_amd64",
"8Base-Quay-3:quay/quay-operator-bundle@sha256:7eeea8b3c3f9ddade8e989a5227fe2e01b7dff0546350017117a10155f16fbe1_amd64",
"8Base-Quay-3:quay/quay-operator-rhel8@sha256:0b9639c1895923a625980cd57316065b0e192e5ae6a6a7ca5e7d31289d42f7a0_amd64",
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Quay-3:quay/quay-rhel8@sha256:d8dd1cd5ccc8231a1228371935700f61f71ffcb9bc3134fe7f37c822a8ec41d3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-pillow: Buffer overflow in image convert function"
}
]
}
rhsa-2018_1263
Vulnerability from csaf_redhat
Published
2018-04-30 18:41
Modified
2024-11-05 20:29
Summary
Red Hat Security Advisory: Red Hat Mobile Application Platform 4.6.0 release - RPMs
Notes
Topic
Red Hat Mobile Application Platform 4.6.0 release - RPMs
Details
Red Hat Mobile Application Platform (RHMAP) 4.6 is delivered as a set of container images.
In addition to the images, several components are delivered as RPMs:
* OpenShift templates used to deploy an RHMAP Core and MBaaS
* The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide.
The following RPMs are included in the RHMAP container images, and are provided here only for completeness:
* The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image.
This release serves as an update for Red Hat Mobile Application Platform 4.5.6. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.6.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved.
Security Fix(es):
* nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010)
* hoek: Prototype pollution in utilities function (CVE-2018-3728)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Mobile Application Platform 4.6.0 release - RPMs",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Mobile Application Platform (RHMAP) 4.6 is delivered as a set of container images.\n\nIn addition to the images, several components are delivered as RPMs:\n\n* OpenShift templates used to deploy an RHMAP Core and MBaaS\n\n* The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide.\n\nThe following RPMs are included in the RHMAP container images, and are provided here only for completeness:\n\n* The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image.\n\nThis release serves as an update for Red Hat Mobile Application Platform 4.5.6. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.6.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nNagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved.\n\nSecurity Fix(es):\n\n* nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010)\n \n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1263",
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1493989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989"
},
{
"category": "external",
"summary": "1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "RHMAP-19902",
"url": "https://issues.redhat.com/browse/RHMAP-19902"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1263.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Mobile Application Platform 4.6.0 release - RPMs",
"tracking": {
"current_release_date": "2024-11-05T20:29:48+00:00",
"generator": {
"date": "2024-11-05T20:29:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2018:1263",
"initial_release_date": "2018-04-30T18:41:22+00:00",
"revision_history": [
{
"date": "2018-04-30T18:41:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T18:41:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:29:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Mobile Application Platform 4.6",
"product": {
"name": "Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:mobile_application_platform:4.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Mobile Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"product": {
"name": "fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"product_id": "fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fh-system-dump-tool@1.0.0-5.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"product": {
"name": "radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"product_id": "radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/radiusclient-ng-devel@0.5.6-9.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"product": {
"name": "radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"product_id": "radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/radiusclient-ng@0.5.6-9.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"product": {
"name": "radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"product_id": "radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/radiusclient-ng-debuginfo@0.5.6-9.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"product": {
"name": "radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"product_id": "radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/radiusclient-ng-utils@0.5.6-9.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-oracle@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-cluster@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ifoperstatus@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-swap@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-log@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ifstatus@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-sensors@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-dummy@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-mrtg@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-mysql@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-real@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-game@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-breeze@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-icmp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-http@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-disk@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-snmp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-apt@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-fping@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-dns@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-load@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-procs@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-overcr@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ircd@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-dhcp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-rpc@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-all@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-wave@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-dig@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ide_smart@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ntp-perl@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-pgsql@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-uptime@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ups@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-hpjd@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-mrtgtraf@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-disk_smb@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ping@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-perl@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-smtp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-by_ssh@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-time@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-tcp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-users@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ssh@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-debuginfo@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-nwstat@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-nagios@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ntp@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-file_age@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-mailq@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-dbi@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-ldap@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-radius@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-flexlm@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"product": {
"name": "nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"product_id": "nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins-nt@2.0.3-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "phantomjs-0:1.9.7-3.el7map.x86_64",
"product": {
"name": "phantomjs-0:1.9.7-3.el7map.x86_64",
"product_id": "phantomjs-0:1.9.7-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/phantomjs@1.9.7-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"product": {
"name": "phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"product_id": "phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/phantomjs-debuginfo@1.9.7-3.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"product": {
"name": "rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"product_id": "rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhmap-mod_authnz_external-debuginfo@3.3.1-7.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"product": {
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"product_id": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhmap-mod_authnz_external@3.3.1-7.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ssmtp-0:2.64-14.el7map.x86_64",
"product": {
"name": "ssmtp-0:2.64-14.el7map.x86_64",
"product_id": "ssmtp-0:2.64-14.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ssmtp@2.64-14.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"product": {
"name": "ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"product_id": "ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ssmtp-debuginfo@2.64-14.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"product": {
"name": "qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"product_id": "qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qstat-debuginfo@2.11-13.20080912svn311.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"product": {
"name": "qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"product_id": "qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qstat@2.11-13.20080912svn311.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "fping-0:3.10-4.el7map.x86_64",
"product": {
"name": "fping-0:3.10-4.el7map.x86_64",
"product_id": "fping-0:3.10-4.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fping@3.10-4.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "fping-debuginfo-0:3.10-4.el7map.x86_64",
"product": {
"name": "fping-debuginfo-0:3.10-4.el7map.x86_64",
"product_id": "fping-debuginfo-0:3.10-4.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fping-debuginfo@3.10-4.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-meld3-0:0.6.10-1.el7map.x86_64",
"product": {
"name": "python-meld3-0:0.6.10-1.el7map.x86_64",
"product_id": "python-meld3-0:0.6.10-1.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-meld3@0.6.10-1.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"product": {
"name": "python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"product_id": "python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-meld3-debuginfo@0.6.10-1.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redis-0:2.8.21-2.el7map.x86_64",
"product": {
"name": "redis-0:2.8.21-2.el7map.x86_64",
"product_id": "redis-0:2.8.21-2.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@2.8.21-2.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"product": {
"name": "redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"product_id": "redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@2.8.21-2.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"product": {
"name": "perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"product_id": "perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Crypt-DES-debuginfo@2.05-20.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"product": {
"name": "perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"product_id": "perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Crypt-DES@2.05-20.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-0:4.0.8-8.el7map.x86_64",
"product": {
"name": "nagios-0:4.0.8-8.el7map.x86_64",
"product_id": "nagios-0:4.0.8-8.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios@4.0.8-8.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-common-0:4.0.8-8.el7map.x86_64",
"product": {
"name": "nagios-common-0:4.0.8-8.el7map.x86_64",
"product_id": "nagios-common-0:4.0.8-8.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-common@4.0.8-8.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"product": {
"name": "nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"product_id": "nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-debuginfo@4.0.8-8.el7map?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nagios-devel-0:4.0.8-8.el7map.x86_64",
"product": {
"name": "nagios-devel-0:4.0.8-8.el7map.x86_64",
"product_id": "nagios-devel-0:4.0.8-8.el7map.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-devel@4.0.8-8.el7map?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "fh-system-dump-tool-0:1.0.0-5.el7.src",
"product": {
"name": "fh-system-dump-tool-0:1.0.0-5.el7.src",
"product_id": "fh-system-dump-tool-0:1.0.0-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fh-system-dump-tool@1.0.0-5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "radiusclient-ng-0:0.5.6-9.el7map.src",
"product": {
"name": "radiusclient-ng-0:0.5.6-9.el7map.src",
"product_id": "radiusclient-ng-0:0.5.6-9.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/radiusclient-ng@0.5.6-9.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "nagios-plugins-0:2.0.3-3.el7map.src",
"product": {
"name": "nagios-plugins-0:2.0.3-3.el7map.src",
"product_id": "nagios-plugins-0:2.0.3-3.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios-plugins@2.0.3-3.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "phantomjs-0:1.9.7-3.el7map.src",
"product": {
"name": "phantomjs-0:1.9.7-3.el7map.src",
"product_id": "phantomjs-0:1.9.7-3.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/phantomjs@1.9.7-3.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"product": {
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"product_id": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhmap-mod_authnz_external@3.3.1-7.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "supervisor-0:3.1.3-3.el7map.src",
"product": {
"name": "supervisor-0:3.1.3-3.el7map.src",
"product_id": "supervisor-0:3.1.3-3.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/supervisor@3.1.3-3.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "sendEmail-0:1.56-2.el7.src",
"product": {
"name": "sendEmail-0:1.56-2.el7.src",
"product_id": "sendEmail-0:1.56-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sendEmail@1.56-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "ssmtp-0:2.64-14.el7map.src",
"product": {
"name": "ssmtp-0:2.64-14.el7map.src",
"product_id": "ssmtp-0:2.64-14.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ssmtp@2.64-14.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "qstat-0:2.11-13.20080912svn311.el7map.src",
"product": {
"name": "qstat-0:2.11-13.20080912svn311.el7map.src",
"product_id": "qstat-0:2.11-13.20080912svn311.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qstat@2.11-13.20080912svn311.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "fping-0:3.10-4.el7map.src",
"product": {
"name": "fping-0:3.10-4.el7map.src",
"product_id": "fping-0:3.10-4.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fping@3.10-4.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-meld3-0:0.6.10-1.el7map.src",
"product": {
"name": "python-meld3-0:0.6.10-1.el7map.src",
"product_id": "python-meld3-0:0.6.10-1.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-meld3@0.6.10-1.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.src",
"product": {
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.src",
"product_id": "perl-Net-SNMP-0:6.0.1-7.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Net-SNMP@6.0.1-7.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "redis-0:2.8.21-2.el7map.src",
"product": {
"name": "redis-0:2.8.21-2.el7map.src",
"product_id": "redis-0:2.8.21-2.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@2.8.21-2.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "perl-Crypt-CBC-0:2.33-2.el7map.src",
"product": {
"name": "perl-Crypt-CBC-0:2.33-2.el7map.src",
"product_id": "perl-Crypt-CBC-0:2.33-2.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.33-2.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "perl-Crypt-DES-0:2.05-20.el7map.src",
"product": {
"name": "perl-Crypt-DES-0:2.05-20.el7map.src",
"product_id": "perl-Crypt-DES-0:2.05-20.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Crypt-DES@2.05-20.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "nagios-0:4.0.8-8.el7map.src",
"product": {
"name": "nagios-0:4.0.8-8.el7map.src",
"product_id": "nagios-0:4.0.8-8.el7map.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nagios@4.0.8-8.el7map?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"product": {
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"product_id": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhmap-fh-openshift-templates@4.6.0-5.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "supervisor-0:3.1.3-3.el7map.noarch",
"product": {
"name": "supervisor-0:3.1.3-3.el7map.noarch",
"product_id": "supervisor-0:3.1.3-3.el7map.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/supervisor@3.1.3-3.el7map?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "sendEmail-0:1.56-2.el7.noarch",
"product": {
"name": "sendEmail-0:1.56-2.el7.noarch",
"product_id": "sendEmail-0:1.56-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/sendEmail@1.56-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"product": {
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"product_id": "perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Net-SNMP@6.0.1-7.el7map?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"product": {
"name": "perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"product_id": "perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.33-2.el7map?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"product": {
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"product_id": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhmap-fh-openshift-templates@4.6.0-5.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "fh-system-dump-tool-0:1.0.0-5.el7.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src"
},
"product_reference": "fh-system-dump-tool-0:1.0.0-5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fh-system-dump-tool-0:1.0.0-5.el7.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64"
},
"product_reference": "fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fping-0:3.10-4.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src"
},
"product_reference": "fping-0:3.10-4.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fping-0:3.10-4.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64"
},
"product_reference": "fping-0:3.10-4.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fping-debuginfo-0:3.10-4.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64"
},
"product_reference": "fping-debuginfo-0:3.10-4.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-0:4.0.8-8.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src"
},
"product_reference": "nagios-0:4.0.8-8.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-0:4.0.8-8.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64"
},
"product_reference": "nagios-0:4.0.8-8.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-common-0:4.0.8-8.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64"
},
"product_reference": "nagios-common-0:4.0.8-8.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-debuginfo-0:4.0.8-8.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64"
},
"product_reference": "nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-0:4.0.8-8.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64"
},
"product_reference": "nagios-devel-0:4.0.8-8.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-0:2.0.3-3.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src"
},
"product_reference": "nagios-plugins-0:2.0.3-3.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-all-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-apt-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-dig-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-disk-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-dns-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-fping-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-game-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-http-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-load-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-log-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-nt-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-perl-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ping-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-procs-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-radius-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-real-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-swap-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-time-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-ups-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-users-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-plugins-wave-0:2.0.3-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64"
},
"product_reference": "nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Crypt-CBC-0:2.33-2.el7map.noarch as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch"
},
"product_reference": "perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Crypt-CBC-0:2.33-2.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src"
},
"product_reference": "perl-Crypt-CBC-0:2.33-2.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Crypt-DES-0:2.05-20.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src"
},
"product_reference": "perl-Crypt-DES-0:2.05-20.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Crypt-DES-0:2.05-20.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64"
},
"product_reference": "perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64"
},
"product_reference": "perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.noarch as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch"
},
"product_reference": "perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Net-SNMP-0:6.0.1-7.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src"
},
"product_reference": "perl-Net-SNMP-0:6.0.1-7.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phantomjs-0:1.9.7-3.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src"
},
"product_reference": "phantomjs-0:1.9.7-3.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phantomjs-0:1.9.7-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64"
},
"product_reference": "phantomjs-0:1.9.7-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64"
},
"product_reference": "phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-meld3-0:0.6.10-1.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src"
},
"product_reference": "python-meld3-0:0.6.10-1.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-meld3-0:0.6.10-1.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64"
},
"product_reference": "python-meld3-0:0.6.10-1.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64"
},
"product_reference": "python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qstat-0:2.11-13.20080912svn311.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src"
},
"product_reference": "qstat-0:2.11-13.20080912svn311.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qstat-0:2.11-13.20080912svn311.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64"
},
"product_reference": "qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64"
},
"product_reference": "qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "radiusclient-ng-0:0.5.6-9.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src"
},
"product_reference": "radiusclient-ng-0:0.5.6-9.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "radiusclient-ng-0:0.5.6-9.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64"
},
"product_reference": "radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64"
},
"product_reference": "radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64"
},
"product_reference": "radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64"
},
"product_reference": "radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:2.8.21-2.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src"
},
"product_reference": "redis-0:2.8.21-2.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:2.8.21-2.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64"
},
"product_reference": "redis-0:2.8.21-2.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:2.8.21-2.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64"
},
"product_reference": "redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch"
},
"product_reference": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src"
},
"product_reference": "rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src"
},
"product_reference": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64"
},
"product_reference": "rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64"
},
"product_reference": "rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sendEmail-0:1.56-2.el7.noarch as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch"
},
"product_reference": "sendEmail-0:1.56-2.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sendEmail-0:1.56-2.el7.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src"
},
"product_reference": "sendEmail-0:1.56-2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ssmtp-0:2.64-14.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src"
},
"product_reference": "ssmtp-0:2.64-14.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ssmtp-0:2.64-14.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64"
},
"product_reference": "ssmtp-0:2.64-14.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ssmtp-debuginfo-0:2.64-14.el7map.x86_64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64"
},
"product_reference": "ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supervisor-0:3.1.3-3.el7map.noarch as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch"
},
"product_reference": "supervisor-0:3.1.3-3.el7map.noarch",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supervisor-0:3.1.3-3.el7map.src as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
},
"product_reference": "supervisor-0:3.1.3-3.el7map.src",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15010",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493989"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-tough-cookie: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay include nodejs-tough-cookie as a build time dependency of protractor. It\u0027s no included in the runtime code, and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15010"
},
{
"category": "external",
"summary": "RHBZ#1493989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010"
},
{
"category": "external",
"summary": "https://nodesecurity.io/advisories/525",
"url": "https://nodesecurity.io/advisories/525"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T18:41:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-tough-cookie: Regular expression denial of service"
},
{
"cve": "CVE-2018-3728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1545893"
}
],
"notes": [
{
"category": "description",
"text": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hoek: Prototype pollution in utilities function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes hoek as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3728"
},
{
"category": "external",
"summary": "RHBZ#1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3728",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
}
],
"release_date": "2018-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T18:41:22+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:fh-system-dump-tool-0:1.0.0-5.el7.x86_64",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.src",
"7Server-RH7-RHMAP-4.6:fping-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:fping-debuginfo-0:3.10-4.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-common-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-debuginfo-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-devel-0:4.0.8-8.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.src",
"7Server-RH7-RHMAP-4.6:nagios-plugins-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-all-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-apt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-breeze-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-by_ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-cluster-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dbi-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-debuginfo-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dhcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dig-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-disk_smb-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dns-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-dummy-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-file_age-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-flexlm-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-fping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-game-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-hpjd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-http-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-icmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ide_smart-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifoperstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ifstatus-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ircd-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ldap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-load-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-log-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mailq-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtg-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mrtgtraf-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-mysql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nagios-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nt-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ntp-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-nwstat-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-oracle-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-overcr-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-perl-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-pgsql-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ping-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-procs-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-radius-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-real-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-rpc-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-sensors-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-smtp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-snmp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ssh-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-swap-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-tcp-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-time-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-ups-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-uptime-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-users-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:nagios-plugins-wave-0:2.0.3-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Crypt-CBC-0:2.33-2.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.src",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Crypt-DES-debuginfo-0:2.05-20.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.noarch",
"7Server-RH7-RHMAP-4.6:perl-Net-SNMP-0:6.0.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.src",
"7Server-RH7-RHMAP-4.6:phantomjs-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:phantomjs-debuginfo-0:1.9.7-3.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.src",
"7Server-RH7-RHMAP-4.6:python-meld3-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:python-meld3-debuginfo-0:0.6.10-1.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.src",
"7Server-RH7-RHMAP-4.6:qstat-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:qstat-debuginfo-0:2.11-13.20080912svn311.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.src",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-debuginfo-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-devel-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:radiusclient-ng-utils-0:0.5.6-9.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.src",
"7Server-RH7-RHMAP-4.6:redis-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:redis-debuginfo-0:2.8.21-2.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.noarch",
"7Server-RH7-RHMAP-4.6:rhmap-fh-openshift-templates-0:4.6.0-5.el7.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.src",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.noarch",
"7Server-RH7-RHMAP-4.6:sendEmail-0:1.56-2.el7.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.src",
"7Server-RH7-RHMAP-4.6:ssmtp-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:ssmtp-debuginfo-0:2.64-14.el7map.x86_64",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.noarch",
"7Server-RH7-RHMAP-4.6:supervisor-0:3.1.3-3.el7map.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hoek: Prototype pollution in utilities function"
}
]
}
rhsa-2018_1264
Vulnerability from csaf_redhat
Published
2018-04-30 18:12
Modified
2024-11-05 20:29
Summary
Red Hat Security Advisory: Red Hat Mobile Application Platform 4.6.0 Release - Container Images
Notes
Topic
Red Hat Mobile Application Platform 4.6.0 Release - Container Images
Details
Red Hat Mobile Application Platform (RHMAP) 4.6.0 consists of three main components:
* Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x.
* MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x.
* Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms.
The Core and MBaaS in RHMAP 4.6 are built on top of OpenShift Container Platform 3.x, Kubernetes, and Red Hat Software Collections. The Core and MBaaS both consist of several components, each running in its own container. Similarly, every cloud app deployed to the MBaaS runs in a container. Those containers are deployed and orchestrated by Kubernetes.
This release includes the option of provisioning a self-managed Build Farm on your infrastructure, to build Client Apps without relying on hosted Build Farm. For prerequisites and installation instructions, see the Installing RHMAP guide.
For this RHMAP release, the container images required to run the Core and MBaaS inside OpenShift Container Platform 3.x are:
rhmap46/fh-aaa:1.1.3-4
rhmap46/fh-appstore:2.1.2-3
rhmap46/fh-mbaas:6.0.3-2
rhmap46/fh-messaging:3.2.0-4
rhmap46/fh-metrics:3.2.0-5
rhmap46/fh-ngui:5.19.3-1
rhmap46/fh-scm:1.1.4-2
rhmap46/fh-statsd:2.1.3-4
rhmap46/fh-supercore:5.0.10-2
rhmap46/fh-sdks:1.0.0-36
rhmap46/gitlab-shell:2.1.2-16
rhmap46/httpd:2.4-47
rhmap46/memcached:1.4.15-32
rhmap46/millicore:7.55.0-4
rhmap46/mongodb:3.2-36
rhmap46/mysql:5.5-28
rhmap46/nagios:4.0.8-58
rhmap46/redis:2.8.21-40
rhmap46/ups-eap:1.1.4-35
rhmap46/wildcard-proxy:1.0.0-17
rhmap46/installer:1.0.0-42
This release serves as an update for Red Hat Mobile Application Platform 4.5.6. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.6.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010)
* hoek: Prototype pollution in utilities function (CVE-2018-3728)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Mobile Application Platform 4.6.0 Release - Container Images",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Mobile Application Platform (RHMAP) 4.6.0 consists of three main components:\n\n* Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x.\n\n* MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x.\n\n* Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms.\n\nThe Core and MBaaS in RHMAP 4.6 are built on top of OpenShift Container Platform 3.x, Kubernetes, and Red Hat Software Collections. The Core and MBaaS both consist of several components, each running in its own container. Similarly, every cloud app deployed to the MBaaS runs in a container. Those containers are deployed and orchestrated by Kubernetes.\n\nThis release includes the option of provisioning a self-managed Build Farm on your infrastructure, to build Client Apps without relying on hosted Build Farm. For prerequisites and installation instructions, see the Installing RHMAP guide.\n\nFor this RHMAP release, the container images required to run the Core and MBaaS inside OpenShift Container Platform 3.x are:\n\nrhmap46/fh-aaa:1.1.3-4\nrhmap46/fh-appstore:2.1.2-3\nrhmap46/fh-mbaas:6.0.3-2\nrhmap46/fh-messaging:3.2.0-4\nrhmap46/fh-metrics:3.2.0-5\nrhmap46/fh-ngui:5.19.3-1\nrhmap46/fh-scm:1.1.4-2\nrhmap46/fh-statsd:2.1.3-4\nrhmap46/fh-supercore:5.0.10-2\nrhmap46/fh-sdks:1.0.0-36\nrhmap46/gitlab-shell:2.1.2-16\nrhmap46/httpd:2.4-47\nrhmap46/memcached:1.4.15-32\nrhmap46/millicore:7.55.0-4\nrhmap46/mongodb:3.2-36\nrhmap46/mysql:5.5-28\nrhmap46/nagios:4.0.8-58\nrhmap46/redis:2.8.21-40\nrhmap46/ups-eap:1.1.4-35\nrhmap46/wildcard-proxy:1.0.0-17\nrhmap46/installer:1.0.0-42\n\nThis release serves as an update for Red Hat Mobile Application Platform 4.5.6. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.6.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010)\n \n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:1264",
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1493989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989"
},
{
"category": "external",
"summary": "1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "RHMAP-19902",
"url": "https://issues.redhat.com/browse/RHMAP-19902"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Mobile Application Platform 4.6.0 Release - Container Images",
"tracking": {
"current_release_date": "2024-11-05T20:29:31+00:00",
"generator": {
"date": "2024-11-05T20:29:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2018:1264",
"initial_release_date": "2018-04-30T18:12:01+00:00",
"revision_history": [
{
"date": "2018-04-30T18:12:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-04-30T18:12:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:29:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Mobile Application Platform 4.6",
"product": {
"name": "Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:mobile_application_platform:4.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Mobile Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"product": {
"name": "rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"product_id": "rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-aaa\u0026tag=1.1.3-4"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"product": {
"name": "rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"product_id": "rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-appstore\u0026tag=2.1.2-3"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"product": {
"name": "rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"product_id": "rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-mbaas\u0026tag=6.0.3-2"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"product": {
"name": "rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"product_id": "rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-messaging\u0026tag=3.2.0-4"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"product": {
"name": "rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"product_id": "rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-metrics\u0026tag=3.2.0-5"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"product": {
"name": "rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"product_id": "rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-ngui\u0026tag=5.19.3-1"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"product": {
"name": "rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"product_id": "rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-scm\u0026tag=1.1.4-2"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"product": {
"name": "rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"product_id": "rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-sdks\u0026tag=1.0.0-36"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"product": {
"name": "rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"product_id": "rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-statsd\u0026tag=2.1.3-4"
}
}
},
{
"category": "product_version",
"name": "rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"product": {
"name": "rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"product_id": "rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/fh-supercore\u0026tag=5.0.10-2"
}
}
},
{
"category": "product_version",
"name": "rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"product": {
"name": "rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"product_id": "rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/gitlab-shell\u0026tag=2.1.2-16"
}
}
},
{
"category": "product_version",
"name": "rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"product": {
"name": "rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"product_id": "rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"product_identification_helper": {
"purl": "pkg:oci/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/httpd\u0026tag=2.4-47"
}
}
},
{
"category": "product_version",
"name": "rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"product": {
"name": "rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"product_id": "rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/installer\u0026tag=1.0.0-42"
}
}
},
{
"category": "product_version",
"name": "rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"product": {
"name": "rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"product_id": "rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"product_identification_helper": {
"purl": "pkg:oci/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/memcached\u0026tag=1.4.15-32"
}
}
},
{
"category": "product_version",
"name": "rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"product": {
"name": "rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"product_id": "rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/millicore\u0026tag=7.55.0-4"
}
}
},
{
"category": "product_version",
"name": "rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"product": {
"name": "rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"product_id": "rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/mongodb\u0026tag=3.2-36"
}
}
},
{
"category": "product_version",
"name": "rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"product": {
"name": "rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"product_id": "rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/mysql\u0026tag=5.5-28"
}
}
},
{
"category": "product_version",
"name": "rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"product": {
"name": "rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"product_id": "rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/nagios\u0026tag=4.0.8-58"
}
}
},
{
"category": "product_version",
"name": "rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"product": {
"name": "rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"product_id": "rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/redis\u0026tag=2.8.21-40"
}
}
},
{
"category": "product_version",
"name": "rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"product": {
"name": "rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"product_id": "rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/ups-eap\u0026tag=1.1.4-35"
}
}
},
{
"category": "product_version",
"name": "rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64",
"product": {
"name": "rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64",
"product_id": "rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8?arch=amd64\u0026repository_url=registry.redhat.io/rhmap46/wildcard-proxy\u0026tag=1.0.0-17"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64"
},
"product_reference": "rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64"
},
"product_reference": "rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64"
},
"product_reference": "rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64"
},
"product_reference": "rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64"
},
"product_reference": "rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64"
},
"product_reference": "rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64"
},
"product_reference": "rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64"
},
"product_reference": "rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64"
},
"product_reference": "rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64"
},
"product_reference": "rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64"
},
"product_reference": "rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64"
},
"product_reference": "rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64"
},
"product_reference": "rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64"
},
"product_reference": "rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64"
},
"product_reference": "rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64"
},
"product_reference": "rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64"
},
"product_reference": "rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64"
},
"product_reference": "rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64"
},
"product_reference": "rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64"
},
"product_reference": "rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64 as a component of Red Hat Mobile Application Platform 4.6",
"product_id": "7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
},
"product_reference": "rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64",
"relates_to_product_reference": "7Server-RH7-RHMAP-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15010",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2017-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1493989"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-tough-cookie: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay include nodejs-tough-cookie as a build time dependency of protractor. It\u0027s no included in the runtime code, and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15010"
},
{
"category": "external",
"summary": "RHBZ#1493989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15010"
},
{
"category": "external",
"summary": "https://nodesecurity.io/advisories/525",
"url": "https://nodesecurity.io/advisories/525"
}
],
"release_date": "2017-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T18:12:01+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the docker pull command. Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.",
"product_ids": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-tough-cookie: Regular expression denial of service"
},
{
"cve": "CVE-2018-3728",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1545893"
}
],
"notes": [
{
"category": "description",
"text": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hoek: Prototype pollution in utilities function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay includes hoek as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3728"
},
{
"category": "external",
"summary": "RHBZ#1545893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3728",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728"
}
],
"release_date": "2018-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-04-30T18:12:01+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the docker pull command. Dockerfiles and scripts should be amended either to refer to these new images specifically, or to the latest images generally.",
"product_ids": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RH7-RHMAP-4.6:rhmap46/fh-aaa@sha256:333fe3a6104328fdf7a163e6782bdc93083f5824a71c172e1a91d8cd2ac4dc45_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-appstore@sha256:ea7077344b9a93df67469b205b84297d9f148f8ede6c5275a934247bb5308cca_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-mbaas@sha256:978137bd62f018ed791f8f242e4f454aa5632260b74416a697af2788f6fa55bc_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-messaging@sha256:969cf2d92202354e4aca3cf2550ab7c06d1c1d9557d9498b111de792b659aba2_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-metrics@sha256:4ae06c04142b0b146ca8a3da6da113d2600fd46307f501043c3a23040d89d2b0_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-ngui@sha256:b5dd33fabd680944f0075f6788ac3b5263a11a542ce51e6705dc0ad94aded656_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-scm@sha256:5ce3e868c6c1a8a86c1bf29ddf0e08e82827d4a39eafd8c5f36229a83f4c880b_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-sdks@sha256:91c35fb5b97a5487aac0db2e45d2aa9c22b8ae2fe96e564c333b89b8c1023683_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-statsd@sha256:55122c42b06eb1202e471247b8f9e1a6af1f855ebd620af74d0c338665bba603_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/fh-supercore@sha256:5400eb2ef4cf354c94c47439e5d3ef4bd355a8951463f0ccb9db40e313cb509e_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/gitlab-shell@sha256:e167f23019582aaca1791ba5f8c26825ea62d9885f6a06362f0a6648137381c7_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/httpd@sha256:338594491055c702411209edb55673d5718285fbf8e6d9241d8963ba929c3754_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/installer@sha256:940137b25079909c06b724d838a48db58a98d49baf3cb9eee0e0a068deba44bb_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/memcached@sha256:65d5a737ae9380a7a041726a33c0b36e4065ec9ea6890d327034f03bb1ce0969_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/millicore@sha256:babc8754be2c766a22461ce88b22fe18d17da84091e0dc4dd9e0edba8199e8f5_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mongodb@sha256:bcfd94b74bfb049fc6c5649216d703f15fe22c2caf30121ade844760fdefc601_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/mysql@sha256:e95585839f27c671609e0bafdb0c3e6752b114882b25b1b35d817142e738a597_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/nagios@sha256:321690d3b24c6281ee7b3bee9b7388676b96b5f3f2a6841bedc872614d73ecd8_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/redis@sha256:752ce940961048a174863aef559c8e303387f67bdbdbe1d91b197c9bbe7f773a_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/ups-eap@sha256:22ef1c2136573a99f278d5f1b384ee35244382a92a3ea2190e74d8ad660f009c_amd64",
"7Server-RH7-RHMAP-4.6:rhmap46/wildcard-proxy@sha256:5abb752987bde3c20273f9b19266bd8ba2015a06336980f8cf02e3a1f969dbf8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "hoek: Prototype pollution in utilities function"
}
]
}
gsd-2018-3728
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-3728",
"description": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"id": "GSD-2018-3728",
"references": [
"https://access.redhat.com/errata/RHSA-2021:3917",
"https://access.redhat.com/errata/RHSA-2018:1264",
"https://access.redhat.com/errata/RHSA-2018:1263"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-3728"
],
"details": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.",
"id": "GSD-2018-3728",
"modified": "2023-12-13T01:22:43.555879Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-3728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hoek node module",
"version": {
"version_data": [
{
"version_value": "Versions before 5.0.3"
}
]
}
}
]
},
"vendor_name": "hapi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee",
"refsource": "CONFIRM",
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"name": "https://hackerone.com/reports/310439",
"refsource": "MISC",
"url": "https://hackerone.com/reports/310439"
},
{
"name": "103108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103108"
},
{
"name": "RHSA-2018:1264",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2018:1263",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"name": "https://snyk.io/vuln/npm:hoek:20180212",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"name": "https://nodesecurity.io/advisories/566",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/566"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.2.1 || \u003e= 5.0.0-a0 \u003c 5.0.3",
"affected_versions": "All versions before 4.2.1, all versions starting from 5.0.0-a0 before 5.0.3",
"credit": "HoLyVieR",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-471",
"CWE-937"
],
"date": "2019-10-09",
"description": "The `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created from a JSON string containing the `__proto__` property.",
"fixed_versions": [
"4.2.1",
"5.0.3"
],
"identifier": "CVE-2018-3728",
"identifiers": [
"CVE-2018-3728"
],
"not_impacted": "All versions starting from 4.2.1 before 5.0.0-a0, all versions starting from 5.0.3",
"package_slug": "npm/hoek",
"pubdate": "2018-03-30",
"solution": "Upgrade to versions 4.2.1, 5.0.3 or above.",
"title": "Prototype pollution attack",
"urls": [
"https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee",
"https://github.com/hapijs/hoek/commit/5aed1a8c4a3d55722d1c799f2368857bf418d6df",
"https://hackerone.com/reports/310439"
],
"uuid": "ecfd31cc-df09-48ff-9f79-af1c4f989b49"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hapijs:hoek:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hapijs:hoek:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2018-3728"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via \u0027merge\u0027 and \u0027applyToDefaults\u0027 functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-471"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/310439",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/310439"
},
{
"name": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee"
},
{
"name": "103108",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103108"
},
{
"name": "https://snyk.io/vuln/npm:hoek:20180212",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:hoek:20180212"
},
{
"name": "https://nodesecurity.io/advisories/566",
"refsource": "CONFIRM",
"tags": [
"Broken Link"
],
"url": "https://nodesecurity.io/advisories/566"
},
{
"name": "RHSA-2018:1263",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"name": "RHSA-2018:1264",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:40Z",
"publishedDate": "2018-03-30T19:29Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.